GLSA Advocate
Posted: Thu Jul 22, 2021 6:26 am Post subject: [ GLSA 202107-50 ] Singularity
Gentoo Linux Security Advisory
Title: Singularity: Remote code execution (GLSA 202107-50)
Severity: high
Exploitable: remote
Date: 2021-07-22
Bug(s): #792465
ID: 202107-50
Synopsis
A vulnerability in Singularity could result in remote code
execution.
Background
Singularity is the container platform for performance sensitive
workloads.
Affected Packages
Package: sys-cluster/singularity
Vulnerable: < 3.7.4
Unaffected: >= 3.7.4
Architectures: All supported architectures
Description
Singularity always uses the default remote endpoint,
‘cloud.sylabs.io’, for action commands using the ‘library://’
URI rather than the configured remote endpoint.
Impact
An attacker that can push a malicious container to the default
remote endpoint could execute code on hosts that fetch the container.
Workaround
There is no known workaround at this time.
Resolution
All Singularity users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-cluster/singularity-3.7.4"
References
CVE-2021-32635
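An added audit helper, not part of the advisory or of Singularity itself: it compares a reported version against the fixed 3.7.4 from the advisory and lists job-script lines where an action command resolves a ‘library://’ URI. It assumes the action commands of interest are run, exec and shell and that the URI sits on the same line as the command; the function names and the script path are hypothetical.

```shell
#!/bin/sh
# Added example for GLSA 202107-50; not Gentoo's or Singularity's code.
FIXED="3.7.4"   # first unaffected version, taken from the advisory

# version_lt A B: succeed when dotted version A is strictly lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# extract_version TEXT: first N.N.N found in text such as
# "singularity version 3.7.3".
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# library_actions: read script text on stdin and print, with line numbers,
# every run/exec/shell invocation that names a library:// URI.
# Assumption: command and URI appear on the same line.
library_actions() {
    grep -nE 'singularity[[:space:]]+(run|exec|shell)[[:space:]].*library://' || true
}

# audit VERSION_TEXT [FILE...]: return 0 if not affected, 1 if affected
# (listing library:// action lines per file), 2 if no version was found.
audit() {
    ver=$(extract_version "$1"); shift
    if [ -z "$ver" ]; then echo "unknown version"; return 2; fi
    if ! version_lt "$ver" "$FIXED"; then
        echo "singularity $ver: not affected"; return 0
    fi
    echo "singularity $ver: AFFECTED, upgrade to >= $FIXED"
    for f in "$@"; do
        library_actions < "$f" | while IFS= read -r hit; do
            printf '%s:%s\n' "$f" "$hit"
        done
    done
    return 1
}

# Typical use on a host (path is a placeholder):
# audit "$(singularity --version)" /path/to/jobscripts/*.sh
```

Lines reported on an affected host are the ones to re-check if a non-default remote endpoint is configured, since those images were fetched from the default endpoint instead.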