Your message dated Mon, 12 Jan 2026 20:48:34 +0000
with message-id <[email protected]>
and subject line Bug#1121844: fixed in apptainer 1.4.5-1
has caused the Debian Bug report #1121844,
regarding apptainer: CVE-2025-65105
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1121844: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121844
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: apptainer
Version: 1.4.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for apptainer.

CVE-2025-65105[0]:
| Apptainer is an open source container platform. In Apptainer
| versions less than 1.4.5, a container can disable two of the forms
| of the little used --security option, in particular the forms
| --security=apparmor:<profile> and --security=selinux:<label> which
| otherwise put restrictions on operations that containers can do. The
| --security option has always been mentioned in Apptainer
| documentation as being a feature for the root user, although these
| forms do also work for unprivileged users on systems where the
| corresponding feature is enabled. AppArmor is enabled by default on
| Debian-based distributions and SELinux is enabled by default on
| RHEL-based distributions, but on SUSE it depends on the distribution
| version. This vulnerability is fixed in 1.4.5.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-65105
    https://www.cve.org/CVERecord?id=CVE-2025-65105
[1] https://github.com/apptainer/apptainer/security/advisories/GHSA-j3rw-fx6g-q46j

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: apptainer
Source-Version: 1.4.5-1
Done: Mathias Gibbens <[email protected]>

We believe that the bug you reported is fixed in the latest version of
apptainer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathias Gibbens <[email protected]> (supplier of updated apptainer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 12 Jan 2026 20:30:42 +0000
Source: apptainer
Architecture: source
Version: 1.4.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Mathias Gibbens <[email protected]>
Closes: 1121844
Changes:
 apptainer (1.4.5-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream release:
     - Includes fix for CVE-2025-65105 (Closes: #1121844)
     - Cherry-pick another upstream patch for newer versions of umoci
   * d/control:
     - Update Standards-Version to 4.7.3, drop Priority field
     - Update Build-Depends
     - Add missing Static-Built-Using
   * Fix whitespace formatting in d/u/metadata

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
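
As an added example (not part of the bug report, and not Debian's or Apptainer's own code), this shell script checks a Debian host against the versions named in the messages above: it compares the installed package version with the fixed release 1.4.5 and reports whether AppArmor or SELinux, which the two affected `--security` forms rely on, is active. The function names are made up for this example; it assumes the package was installed with dpkg and that `sort -V` is available.

```shell
#!/bin/sh
# Added example: triage a Debian host for CVE-2025-65105.
# Function names are hypothetical, chosen for this example.
FIXED_UPSTREAM="1.4.5"   # first fixed upstream release, per the CVE text

# Strip a Debian epoch ("1:") and revision ("-1") to get the upstream version.
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%-*}"
}

# True when $1 sorts strictly before $2 in version order (so 1.4.5 < 1.4.10).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# True when a dpkg version string predates the fix.
is_affected() {
    ver_lt "$(upstream_version "$1")" "$FIXED_UPSTREAM"
}

# Name the MAC system that --security=apparmor:/selinux: would rely on here.
active_mac() {
    if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = "Y" ]; then
        echo apparmor
    elif [ -e /sys/fs/selinux/enforce ]; then
        echo selinux
    else
        echo none
    fi
}

# Print a one-line verdict for the locally installed package.
triage() {
    ver=$(dpkg-query -W -f='${Version}' apptainer 2>/dev/null) || ver=""
    if [ -z "$ver" ]; then
        echo "apptainer: not installed via dpkg"
    elif is_affected "$ver"; then
        echo "apptainer $ver: affected, upgrade to >= $FIXED_UPSTREAM (MAC active: $(active_mac))"
    else
        echo "apptainer $ver: includes the fix (MAC active: $(active_mac))"
    fi
}

triage
```
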
