{"affected":[{"ecosystem_specific":{"binaries":[{"libsingularity1":"2.6.1-14.1","singularity":"2.6.1-14.1","singularity-devel":"2.6.1-14.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP3","name":"singularity","purl":"pkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.1-14.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for singularity to version 2.6.1 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-19295: Mount points are not mounted with shared mount propagation by default anymore, as this may result in privilege escalation (boo#1111411).\n- CVE-2018-12021: Fixed a incorrect access control issues on systems supporting overlay file system (boo#1100333).\n","id":"openSUSE-SU-2019:0095-1","modified":"2019-01-29T08:15:08Z","published":"2019-01-29T08:15:08Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KH5E4NYDJ6ZUYYZSVAG3DF25JMTPPTBW/#KH5E4NYDJ6ZUYYZSVAG3DF25JMTPPTBW"},{"type":"REPORT","url":"https://bugzilla.suse.com/1100333"},{"type":"REPORT","url":"https://bugzilla.suse.com/1111411"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12021"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19295"}],"related":["CVE-2018-12021","CVE-2018-19295"],"summary":"Security update for singularity","upstream":["CVE-2018-12021","CVE-2018-19295"]}