Main Vulnerability Database SB2020092515

SB2020092515 - OpenSUSE Linux update for singularity

Published: September 25, 2020

Security Bulletin ID SB2020092515

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Incorrect default permissions (CVE-ID: CVE-2020-25039)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions on temporary directories used in fakeroot or user namespace container execution. A local user with access to the system can view contents of files and directories or modify them.

2) Incorrect default permissions (CVE-ID: CVE-2020-25040)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for temporary directories used in explicit and implicit container build operations. A local user with access to the system can view contents of files and directories or modify them.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html