Skip to content

SingularityCE 3.10.3

Choose a tag to compare

View all tags
@dtrudg dtrudg released this 06 Oct 13:00
· 2548 commits to main since this release
v3.10.3
6373436
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

SingularityCE 3.10.3 is a security and bugfix release in the 3.10 series. It fixes a vulnerability related to the verification of SIF container image signatures, in the github.com/sylabs/sif dependency, by updating to sif v2.8.1.

We encourage all users to upgrade. Please see the details and CVE/GHSA link below for more information about the vulnerability.

Security Related Fixes

  • CVE-2022-39237: The github.com/sylabs/sif/v2 dependency included in SingularityCE <=3.10.3 does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. This release updates to sif v2.8.1 which corrects this issue. See the linked advisory for references and a workaround.

Bug Fixes

  • Ensure bootstrap_history directory is populated with previous definition files, present in source containers used in a build.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: [email protected]

Have fun!

Downloads

Source Code

Please use the singularity-ce-3.10.3.tar.gz download below to obtain and install SingularityCE 3.10.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 18.04 (bionic)
  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • RHEL/CentOS 7 (el7)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.19.2

Assets 10
Loading