Bugzilla – Bug 1159550
VUL-0: CVE-2019-19724: singularity: Insecure permissions are set on $HOME/.singularity potentially to an information leak
Last modified: 2021-11-08 14:36:01 UTC
Insecure permissions (777) are set on $HOME/.singularity when it is newly
created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an
information leak, and malicious redirection of operations performed against
Sylabs cloud services.
This is an autogenerated message for OBS integration:
This bug (1159550) was mentioned in
https://build.opensuse.org/request/show/761801 15.1 / singularity
openSUSE-SU-2020:0057-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1159550
CVE References: CVE-2019-19724
openSUSE Leap 15.1 (src): singularity-2.6.1-lp220.127.116.11
openSUSE-SU-2020:1037-1: An update that solves 5 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1125369,1128598,1159550,1174148,1174150,1174152
CVE References: CVE-2019-11328,CVE-2019-19724,CVE-2020-13845,CVE-2020-13846,CVE-2020-13847
openSUSE Leap 15.1 (src): singularity-3.6.0-lp18.104.22.168