Info: Zenodo’s user support line is staffed on regular business days between Dec 23 and Jan 5. Response times may be slightly longer than normal.

Published April 6, 2021 | Version v3.7.3
Software Open

hpcng/singularity: Singularity 3.7.3

  • 1. Singularity Labs
  • 2. Facebook
  • 3. @sylabs
  • 4. Sylabs Inc

Description

Singularity 3.7.3 is a security release. We recommend all users upgrade to this version.

Security Related Fixes
  • CVE-2021-29136: A dependency used by Singularity to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." (or "/"), when running as root. This vulnerability affects a singularity build or singularity pull as root, from a docker or OCI source.
Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Please use the singularity-3.7.3.tar.gz download below to obtain and install Singularity 3.7.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Files

hpcng/singularity-v3.7.3.zip

Files (2.2 MB)

Name Size Download all
md5:1aa3e14d687f8909833649dfdbf698db
2.2 MB Preview Download

Additional details

Related works