1213659 – (CVE-2023-38496) VUL-0: CVE-2023-38496: apptainer: Ineffective privileges drop when requesting container network

Bug 1213659 (CVE-2023-38496) - VUL-0: CVE-2023-38496: apptainer: Ineffective privileges drop when requesting container network

Summary: VUL-0: CVE-2023-38496: apptainer: Ineffective privileges drop when requesting...

Status:	RESOLVED FIXED

Alias:	CVE-2023-38496

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Other (show other bugs)
Version:	Leap 15.5
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	---
Assignee:	Christian Goll
QA Contact:	E-mail List

URL:	https://smash.suse.de/issue/373431/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-07-26 06:45 UTC by Gianluca Gabrielli
Modified:	2024-03-28 14:07 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 1 Christian Goll 2023-07-26 07:37:20 UTC

Although not relevant for the package as it is compiled without setuid, a fixed version is committed to factory.

Comment 4 Christian Goll 2024-03-28 14:07:31 UTC

Only 1.2.0 and 1.2.0-rc2 where affected.
I submitted 1.2.0 to factory yesterday (26.7) and rc2 was only present in my home repo.
Also the CVE wasn't relevant as we do not build the suid binary!