SUSE Package Hub - openSUSE-2020-1814

Update Info

openSUSE-2020-1814

Security update for singularity

Type: security

Severity: important

Issued: 2020-11-02

Description:

This update for singularity fixes the following issues:

Update to new version 3.6.4:

- CVE-2020-15229: Due to insecure handling of path traversal and the lack of path 
  sanitization within unsquashfs, it is possible to overwrite/create files on the
  host filesystem during the extraction of a crafted squashfs filesystem (boo#1177901).

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

CVE: CVE-2020-15229
Bugzilla: 1177901 VUL-0: CVE-2020-15229: singularity: path traversal and files overwrite with unsquashfs

Packages

singularity-3.6.4-bp152.2.12.1