1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202311-13 ] Apptainer: Privilege Escalation

    From [email protected]@21:1/5 to All on Sat Nov 25 11:50:01 2023
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202311-13
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: Apptainer: Privilege Escalation
    Date: November 25, 2023
    Bugs: #905091
    ID: 202311-13

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    A privilege escalation vulnerability has been discoverd in Apptainer.

    Background
    ==========

    Apptainer is the container system for secure high-performance computing.

    Affected packages
    =================

    Package Vulnerable Unaffected
    ------------------------ ------------ ------------
    app-containers/apptainer < 1.1.8 >= 1.1.8

    Description
    ===========

    A vulnerability has been discovered in Apptainer. Please review the CVE identifier referenced below for details.

    Impact
    ======

    There is an ext4 use-after-free flaw that is exploitable in vulnerable versions.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All Apptainer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-containers/apptainer-1.1.8"

    References
    ==========

    [ 1 ] CVE-2023-30549
    https://nvd.nist.gov/vuln/detail/CVE-2023-30549

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202311-13

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2023 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmVh0PgACgkQFMQkOaVy +9motg//RTETZ7k+q+27jV+9KsCa84CAfmxywKyL9KmqgV6c45EecRG4LfhAD+jq sgQvT8NihBsW2VuY48CPS744WKtB+aBztWYMSUyytIO7OopTTJwPYPhQZcjiI3b0 hk/ER3coUl1qwoom8cMxA2nk+EmoHVB3UWFNxjJkje7bkPbhZAsPwj1R7U/yThuW 3GmnB35+wTiZu5wEnqOvVgWonTeZOULlbEeQ7AyIlybNDkT/LJ89yOGMlsZ2MRx8 XCv/kwEeP/bseGVi6o/dJuRr4H5T4r+93MDAPQxSP8R2sevRhx0I5SDRoumJZsl+ Ii5F/WY+zOsLL0FdIpFWIY1uGdRYHstgA3o/CXr37LBbMV130NnwpZuSdWLE3y9I 3lG7eB5BDuv98uMMK722U2F/N8Ua4W/UQ5EhY4sB5gsAe+b7GpMA0wPh6oV5dqFi Qy+e6cs54rZwOlbQYQNiE3pRsuxygSPH7qmFiGmIIw+XViWpdLZkq95KsX0swkf2 hr4rehMAY+DeHtNKzcB1FkGiN+e3vdMLDy/hg9sSfJ9tluo0dAoJzDsMEk/TGJ4n /L9LgYjFO4O0tfDldmcF1kZYfy/wsmJ3HDGLzR1TXqqEwxnD3mL82CBkBoVr5NyJ 3gNfcwbHY4VvM32QcUoMK4Mp15WMe1Bw06brTrFqPM+Z2GpuMNA=
    =cgDG
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)