Apptainer: Privilege Escalation — GLSA 202311-13

A privilege escalation vulnerability has been discoverd in Apptainer.

Package	app-containers/apptainer on all architectures
Affected versions	< 1.1.8
Unaffected versions	>= 1.1.8

Apptainer is the container system for secure high-performance computing.

A vulnerability has been discovered in Apptainer. Please review the CVE identifier referenced below for details.

There is an ext4 use-after-free flaw that is exploitable in vulnerable versions.

There is no known workaround at this time.

All Apptainer users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-containers/apptainer-1.1.8"

Release date
November 25, 2023

Latest revision
November 25, 2023: 1

Severity
high

Exploitable
local

Bugzilla entries