Bug 1176707 - (CVE-2020-25040) VUL-1: CVE-2020-25040: singularity: Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than .
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low; Severity: Minor
Assigned To: Ana Guerrero
Security Team bot
https://smash.suse.de/issue/267555/
Reported: 2020-09-18 08:08 UTC by Marcus Meissner
Modified: 2023-01-11 15:29 UTC
Found By: Security Response Team
Description Marcus Meissner 2020-09-18 08:08:45 UTC
CVE-2020-25040

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary
directories used in explicit and implicit container build operations, a
different vulnerability than CVE-2020-25039.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25040
https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762
https://medium.com/sylabs
Comment 1 OBSbugzilla Bot 2020-09-18 10:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (1176707) was mentioned in
https://build.opensuse.org/request/show/835375 15.2 / singularity
https://build.opensuse.org/request/show/835376 15.1 / singularity
Comment 2 Swamp Workflow Management 2020-09-21 22:16:27 UTC
openSUSE-SU-2020:1497-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1176705,1176707
CVE References: CVE-2020-25039,CVE-2020-25040
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    singularity-3.6.3-lp152.2.6.1
openSUSE Leap 15.1 (src):    singularity-3.6.3-lp151.2.9.1
Comment 3 Swamp Workflow Management 2020-09-25 13:28:28 UTC
openSUSE-SU-2020:1529-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1176705,1176707
CVE References: CVE-2020-25039,CVE-2020-25040
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    singularity-3.6.3-bp152.2.8.1
Comment 5 Hu 2023-01-11 15:29:20 UTC
done, closing