934141 – (CVE-2024-3727) <app-containers/apptainer-1.3.2: unexpected authenticated registry access vulnerability in bundled library containers/image

Bug 934141 (CVE-2024-3727) - <app-containers/apptainer-1.3.2: unexpected authenticated registry access vulnerability in bundled library containers/image

Summary: <app-containers/apptainer-1.3.2: unexpected authenticated registry access vul...

Status:	CONFIRMED

Alias:	CVE-2024-3727

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://github.com/advisories/GHSA-6w...
Whiteboard:
Keywords:

Depends on:	934142
Blocks:
	Show dependency tree

Reported:	2024-06-12 13:01 UTC by Marek Szuba
Modified:	2024-06-28 11:05 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marek Szuba (RETIRED) archtester

2024-06-12 13:01:07 UTC

Fixed in apptainer-1.3.2, which I am about to push to the tree.

Comment 1 Larry the Git Cow gentoo-dev

2024-06-13 11:37:15 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c657731a4add4f9d49bdaad3cabbfe31352d1c37

commit c657731a4add4f9d49bdaad3cabbfe31352d1c37
Author:     Marek Szuba <marecki@gentoo.org>
AuthorDate: 2024-06-13 10:41:24 +0000
Commit:     Marek Szuba <marecki@gentoo.org>
CommitDate: 2024-06-13 11:36:54 +0000

    app-containers/apptainer: drop 1.3.0
    
    No versions vulnerable to CVE-2024-3727 left in the tree.
    
    Bug: https://bugs.gentoo.org/934141
    Signed-off-by: Marek Szuba <marecki@gentoo.org>

 app-containers/apptainer/Manifest               |  1 -
 app-containers/apptainer/apptainer-1.3.0.ebuild | 92 -------------------------
 2 files changed, 93 deletions(-)