Candidate: CVE-2018-19295
PublicDate: 2018-12-17 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19295
 https://www.openwall.com/lists/oss-security/2018/12/12/2
 https://bugzilla.novell.com/show_bug.cgi?id=1111411
Description:
 Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input
 Validation attacks.
Ubuntu-Description:
 It was discovered that Singularity incorrectly handled certain inputs. An
 attacker could possibly use this issue to obtain sensitive information.
Notes:
Bugs:
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_singularity-container:
 upstream: https://github.com/sylabs/singularity/commit/6ccf4f959dc3bc3bc8a58e5345730cd100a299b6
 upstream: https://github.com/sylabs/singularity/commit/7f0f10fc2237959c3407cc9f9d0d060b5ab71596
upstream_singularity-container: released (2.6.1-1)
precise/esm_singularity-container: DNE
trusty_singularity-container: DNE
trusty/esm_singularity-container: DNE
xenial_singularity-container: DNE
bionic_singularity-container: needed
cosmic_singularity-container: ignored (reached end-of-life)
disco_singularity-container: not-affected (2.6.1-2)
eoan_singularity-container: not-affected (2.6.1-2)
focal_singularity-container: DNE
groovy_singularity-container: DNE
hirsute_singularity-container: DNE
impish_singularity-container: DNE
jammy_singularity-container: DNE
devel_singularity-container: DNE