Bug 1159550 - (CVE-2019-19724) VUL-0: CVE-2019-19724: singularity: Insecure permissions are set on $HOME/.singularity potentially leading to an information leak
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.1
Priority: P3 - Medium
Severity: Normal
Assigned To: Ana Guerrero
Security Team bot
https://smash.suse.de/issue/249524/
obs:running:11884:moderate
Reported: 2019-12-19 12:53 UTC by Alexandros Toptsoglou
Modified: 2021-11-08 14:36 UTC (History)
Found By: Security Response Team
Description Alexandros Toptsoglou 2019-12-19 12:53:12 UTC
CVE-2019-19724

Insecure permissions (777) are set on $HOME/.singularity when it is newly
created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an
information leak, and malicious redirection of operations performed against
Sylabs cloud services.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19724
https://github.com/sylabs/singularity/releases/tag/v3.5.2
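
An added example, not part of the original report or of Singularity's code: a small audit that flags a `.singularity` directory, and the entries beneath it, that group or other users can read or write (as with the 777 mode described above) and strips those bits. The owner-only target mode and the `example-token` file name are assumptions made for this illustration.

```python
import os
import stat
import tempfile

def audit(config_dir):
    """Return (path, mode, problems) for entries group/other users can read or write."""
    findings = []
    if not os.path.isdir(config_dir):
        return findings
    entries = [config_dir]
    for root, dirs, files in os.walk(config_dir):
        entries += [os.path.join(root, name) for name in dirs + files]
    for path in entries:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits carry no meaning; skip it
        mode = stat.S_IMODE(st.st_mode)
        problems = []
        if mode & 0o022:
            problems.append("writable by group/other")
        if mode & 0o044:
            problems.append("readable by group/other")
        if problems:
            findings.append((path, oct(mode), problems))
    return findings

def harden(config_dir):
    """Strip all group/other bits from flagged entries (assumed target: owner-only)."""
    fixed = 0
    for path, _, _ in audit(config_dir):
        os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & 0o700)
        fixed += 1
    return fixed

def demo():
    """Build a constructed .singularity look-alike with mode 777, audit, fix, re-audit."""
    with tempfile.TemporaryDirectory() as home:
        cfg = os.path.join(home, ".singularity")
        os.mkdir(cfg)
        os.chmod(cfg, 0o777)                        # the mode named in the CVE text
        token = os.path.join(cfg, "example-token")  # constructed file name
        with open(token, "w") as fh:
            fh.write("constructed-secret\n")
        os.chmod(token, 0o644)
        before = audit(cfg)
        return before, harden(cfg), audit(cfg)

if __name__ == "__main__":
    for path, mode, problems in audit(os.path.expanduser("~/.singularity")):
        print(f"{mode} {path}: {', '.join(problems)}")
```

Run as a user, the script only reports on that user's own `~/.singularity`; `harden()` is not called unless invoked explicitly.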
Comment 1 Swamp Workflow Management 2020-01-08 10:50:10 UTC
This is an autogenerated message for OBS integration:
This bug (1159550) was mentioned in
https://build.opensuse.org/request/show/761801 15.1 / singularity
Comment 2 Swamp Workflow Management 2020-01-14 20:17:54 UTC
openSUSE-SU-2020:0057-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1159550
CVE References: CVE-2019-19724
Sources used:
openSUSE Leap 15.1 (src):    singularity-2.6.1-lp151.2.3.1
Comment 3 Swamp Workflow Management 2020-07-23 10:15:49 UTC
openSUSE-SU-2020:1037-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1125369,1128598,1159550,1174148,1174150,1174152
CVE References: CVE-2019-11328,CVE-2019-19724,CVE-2020-13845,CVE-2020-13846,CVE-2020-13847
Sources used:
openSUSE Leap 15.1 (src):    singularity-3.6.0-lp151.2.6.1