Bugzilla – Bug 1174148
VUL-0: CVE-2020-13846: singularity: failure to report an error in signature Status Code
Last modified: 2021-11-08 14:36:08 UTC
CVE-2020-13846

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13846
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13846.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13846
https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92
https://medium.com/sylabs

Basically, this amounts to updating singularity to 3.6.0 (please mention this CVE and bug ID), submitting it to Factory and providing a maintenance update for Leap 15.0, 15.1 and 15.2.

Singularity 3.6.0 updated in:
Factory: https://build.opensuse.org/request/show/821083
Leap 15.2: https://build.opensuse.org/request/show/821122
Leap 15.1: https://build.opensuse.org/request/show/821131
Leap 15.0 has reached its end of life and doesn't have Go 1.13 needed by singularity since 3.5.

openSUSE-SU-2020:1011-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 1174148,1174150,1174152
CVE References: CVE-2020-13845,CVE-2020-13846,CVE-2020-13847
Sources used:
openSUSE Leap 15.2 (src): singularity-3.6.0-lp152.2.3.1

openSUSE-SU-2020:1037-1: An update that solves 5 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1125369,1128598,1159550,1174148,1174150,1174152
CVE References: CVE-2019-11328,CVE-2019-19724,CVE-2020-13845,CVE-2020-13846,CVE-2020-13847
Sources used:
openSUSE Leap 15.1 (src): singularity-3.6.0-lp151.2.6.1

openSUSE-SU-2020:1100-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 1174148,1174150,1174152
CVE References: CVE-2020-13845,CVE-2020-13846,CVE-2020-13847
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP2 (src): singularity-3.6.0-bp152.2.4.1