OPENSUSE-SU-2021:0810-1

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2021-29136

Published: 30 May 2021, 12:05

Last modified:04 Feb 2026, 03:58

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 May 2021, 12:05

Published

Vulnerability first disclosed

04 Feb 2026, 03:58

Last Modified

Vulnerability information updated

Description

Security update for singularity This update for singularity fixes the following issues: singularity was updated to version 3.7.3: - Fix for CVE-2021-29136: A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name '.' (or '/'), when running as root.

Affected Systems

suse•singularity&distro=SUSE Package Hub 15 SP2
< 3.7.3-bp152.2.19.3

References (3)

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U5WJLLGD3LSUWRS73C4NPIWYTMST4QO5/
https://bugzilla.suse.com/1184147
https://www.suse.com/security/cve/CVE-2021-29136