http://bugzilla.opensuse.org/show_bug.cgi?id=1159550 Bug ID: 1159550 Summary: VUL-0: CVE-2019-19724: singularity: Insecure permissions are set on $HOME/.singularity potentially to an information leak Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other URL: https://smash.suse.de/issue/249524/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: burnus@gmx.de Reporter: atoptsoglou@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2019-19724 Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19724 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19724 https://github.com/sylabs/singularity/releases/tag/v3.5.2 -- You are receiving this mail because: You are on the CC list for the bug.