{"affected":[{"ecosystem_specific":{"binaries":[{"singularity":"3.7.3-bp152.2.19.3"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP2","name":"singularity","purl":"pkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.7.3-bp152.2.19.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for singularity fixes the following issues:\n\nsingularity was updated to version 3.7.3:\n\n- Fix for CVE-2021-29136:\n  A dependency used to extract docker/OCI image layers can be\n  tricked into modifying host files by creating a malicious layer\n  that has a symlink with the name '.' (or '/'), when running as root.\n","id":"openSUSE-SU-2021:0810-1","modified":"2021-05-30T12:05:05Z","published":"2021-05-30T12:05:05Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U5WJLLGD3LSUWRS73C4NPIWYTMST4QO5/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184147"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-29136"}],"related":["CVE-2021-29136"],"summary":"Security update for singularity","upstream":["CVE-2021-29136"]}