Published April 6, 2021
| Version v3.7.3
Software
Open
hpcng/singularity: Singularity 3.7.3
- 1. Singularity Labs
- 2. Facebook
- 3. @sylabs
- 4. Sylabs Inc
Description
Singularity 3.7.3 is a security release. We recommend all users upgrade to this version.
Security Related Fixes- CVE-2021-29136: A dependency used by Singularity to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." (or "/"), when running as root. This vulnerability affects a
singularity build
orsingularity pull
as root, from a docker or OCI source.
Thanks to our contributors for code, feedback and, testing efforts!
As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: security@sylabs.io
Have fun!
DownloadsPlease use the singularity-3.7.3.tar.gz
download below to obtain and install Singularity 3.7.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.
Files
hpcng/singularity-v3.7.3.zip
Files
(2.2 MB)
Name | Size | Download all |
---|---|---|
md5:1aa3e14d687f8909833649dfdbf698db
|
2.2 MB | Preview Download |
Additional details
Related works
- Is supplement to
- https://github.com/hpcng/singularity/tree/v3.7.3 (URL)