
Test ID: 1.3.6.1.4.1.25623.1.1.10.2022.0006
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2022-0006)
Summary: The remote host is missing an update for the 'singularity' package(s) announced via the MGASA-2022-0006 advisory.
Description:

Vulnerability Insight:
A dependency used to extract docker/OCI image layers can be tricked into
modifying host files by creating a malicious layer that has a symlink with
the name '.' (or '/'), when running as root. (CVE-2021-29136)

Due to incorrect use of a default URL, `singularity` action commands
(`run`/`shell`/`exec`) specifying a container using a `library://` URI
will always attempt to retrieve the container from the default remote
endpoint (`cloud.sylabs.io`) rather than the configured remote endpoint.
An attacker may be able to push a malicious container to the default
remote endpoint with a URI that is identical to the URI used by a victim
with a non-default remote endpoint, thus executing the malicious container.
Only action commands (`run`/`shell`/`exec`) against `library://` URIs are
affected. Other commands such as `pull` / `push` respect the configured
remote endpoint. (CVE-2021-32635)

If a Content-Type header changed between two pulls of the same digest, a
client may interpret the resulting content differently. (CVE-2021-41190)

Affected Software/OS:
'singularity' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2021-29136
http://www.openwall.com/lists/oss-security/2021/04/06/2
Common Vulnerability Exposure (CVE) ID: CVE-2021-32635
https://github.com/sylabs/singularity/security/advisories/GHSA-5mv9-q7fq-9394
https://security.gentoo.org/glsa/202107-50
https://github.com/sylabs/singularity/releases/tag/v3.7.4
Common Vulnerability Exposure (CVE) ID: CVE-2021-41190
https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV/
https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923
http://www.openwall.com/lists/oss-security/2021/11/19/10
Copyright: Copyright (C) 2022 Greenbone AG
