This update for apptainer fixes the following issues:
- Make sure digest values handled by the Go library
github.com/opencontainers/go-digest and used throughout the
Go-implemented containers ecosystem are always validated. This prevents
attackers from triggering unexpected authenticated registry accesses.
(CVE-2024-3727, boo#1224114).
- Updated apptainer to version 1.3.0
* FUSE mounts are now supported in setuid mode, enabling full
functionality even when kernel filesystem mounts are insecure due to
unprivileged users having write access to raw filesystems in
containers. When `allow setuid-mount extfs = no` (the default) is set in
apptainer.conf, the fuse2fs image driver will be used to mount
ext3 images in setuid mode instead of the kernel driver (ext3 images
are primarily used for the `--overlay` feature), restoring
functionality that was removed by default in Apptainer 1.1.8 because
of the...
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-244=1
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
libsquashfuse0-0.5.0-bp155.2.1
libsquashfuse0-debuginfo-0.5.0-bp155.2.1
squashfuse-0.5.0-bp155.2.1
squashfuse-debuginfo-0.5.0-bp155.2.1
squashfuse-debugsource-0.5.0-bp155.2.1
squashfuse-devel-0.5.0-bp155.2.1
squashfuse-tools-0.5.0-bp155.2.1
squashfuse-tools-debuginfo-0.5.0-bp155.2.1
- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):
apptainer-1.3.0-bp155.3.3.2
- openSUSE Backports SLE-15-SP5 (noarch):
apptainer-leap-1.3.0-bp155.3.3.2
apptainer-sle15_5-1.3.0-bp155.3.3.2
apptainer-sle15_6-1.3.0-bp155.3.3.2
https://www.suse.com/security/cve/CVE-2023-30549.html
https://www.suse.com/security/cve/CVE-2023-38496.html
https://www.suse.com/security/cve/CVE-2024-3727.html
https://bugzilla.suse.com/1221364
https://bugzilla.suse.com/1224114