 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2022.0006 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2022-0006) |
| Resumen: | The remote host is missing an update for the 'singularity' package(s) announced via the MGASA-2022-0006 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'singularity' package(s) announced via the MGASA-2022-0006 advisory. Vulnerability Insight: A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name '.' (or '/'), when running as root. (CVE-2021-29136) Dde to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt to retrieve the container from the default remote endpoint (`cloud.sylabs.io`) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container. Only action commands (`run`/`shell`/`exec`) against `library://` URIs are affected. Other commands such as `pull` / `push` respect the configured remote endpoint. (CVE-2021-32635) If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. (CVE-2021-41190) Affected Software/OS: 'singularity' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-29136 http://www.openwall.com/lists/oss-security/2021/04/06/2 Common Vulnerability Exposure (CVE) ID: CVE-2021-32635 https://github.com/sylabs/singularity/security/advisories/GHSA-5mv9-q7fq-9394 https://security.gentoo.org/glsa/202107-50 https://github.com/sylabs/singularity/releases/tag/v3.7.4 Common Vulnerability Exposure (CVE) ID: CVE-2021-41190 https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV/ https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923 http://www.openwall.com/lists/oss-security/2021/11/19/10 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |