Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

Fedora 40: 2024-560a7aca85 Critical: Apptainer Resource Issues

fedora
Calendar Grey March 23, 2024
Dist Fedora Esm H88
The recent Fedora 40 update for Apptainer version 1.3.0 tackles significant security vulnerabilities associated with resource overconsumption and data handling practices.
Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and CVE-2024-28180

Summary

Apptainer provides functionality to make portable

containers that can be used across host environments.

Update Information:

Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and CVE-2024-28180

Change Log

* Wed Mar 13 2024 Dave Dykstra - 1.3.0 - Update to upstream 1.3.0

References


[ 1 ] Bug #2268820 - CVE-2024-28176 jose: resource exhaustion https://bugzilla.redhat.com/show_bug.cgi?id=2268820 [ 2 ] Bug #2268854 - CVE-2024-28180 jose-go: improper handling of highly compressed data https://bugzilla.redhat.com/show_bug.cgi?id=2268854

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-560a7aca85' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: apptainer
Product: Fedora 40
Version: 1.3.0
Release: 1.fc40
Summary: Application and environment virtualization formerly known as Singularity

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.