Bug 1213659 (CVE-2023-38496)

Summary: VUL-0: CVE-2023-38496: apptainer: Ineffective privileges drop when requesting container network
Product: [openSUSE] openSUSE Distribution Reporter: Gianluca Gabrielli <gianluca.gabrielli>
Component: OtherAssignee: Christian Goll <cgoll>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium    
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/373431/
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 1 Christian Goll 2023-07-26 07:37:20 UTC 
Although not relevant for the package as it is compiled without setuid, a fixed version is committed to factory.
Comment 4 Christian Goll 2024-03-28 14:07:31 UTC 
Only 1.2.0 and 1.2.0-rc2 where affected.
I submitted 1.2.0 to factory yesterday (26.7) and rc2 was only present in my home repo.
Also the CVE wasn't relevant as we do not build the suid binary!