SUSE Package Hub - openSUSE-2018-730

Update Info

openSUSE-2018-730

Security update for singularity

Type: security

Severity: moderate

Issued: 2018-07-16

Description:

This update for singularity fixes the following issues:

- CVE-2018-12021: A race condition might have allowed malicious users to bypass directory image restrictions,
  like mounting the host root filesystem as a container image (boo#1100333)

References

CVE: CVE-2018-12021
Bugzilla: 1100333 VUL-0: CVE-2018-12021: singularity: Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control onsystems supporting overlay file system

Packages

singularity-2.3.2-11.1