sylabs/singularity: SingularityCE 3.10.3
Authors/Creators
- Gregory M. Kurtzer1
- cclerget
- Dave Trudgian2
- Michael Bauer3
- Ian Kaneshiro
- David Godlove4
- Vanessasaurus
- Yannick Cote5
- Carlos Eduardo Arango Gutierrez
- Adam Hughes6
- Geoffroy Vallee7
- DrDaveD
- Justin Cook
- Jason Stover
- Brian P Bockelman8
- Marcelo Magallon9
- Jacob Chappell10
- Mike Frisch
- Daniele Tamino
- Carl Madison
- Sasha Yakovtseva
- Amanda Duffy11
- Satrajit Ghosh12
- VP
- Tru Huynh13
- Mike Gray14
- Yaroslav Halchenko15
- Felix Abecassis16
- 1. Singularity Labs
- 2. @sylabs
- 3. Relativity Space
- 4. Ctrl IQ
- 5. Red Hat
- 6. Sylabs Inc
- 7. @NVIDIA
- 8. Morgridge Institute for Research
- 9. @grafana
- 10. Chappell Consulting & Tutoring
- 11. Lenovo
- 12. MIT
- 13. Unité de Bioinformatique Structurale, Institut Pasteur
- 14. Self
- 15. Dartmouth College, @Debian, @DataLad, @PyMVPA, @fail2ban
- 16. NVIDIA
Description
SingularityCE 3.10.3 is a security and bugfix release in the 3.10 series. It fixes a vulnerability related to the verification of SIF container image signatures, in the github.com/sylabs/sif dependency, by updating to sif v2.8.1.
We encourage all users to upgrade. Please see the details and CVE/GHSA link below for more information about the vulnerability.
Security Related Fixes- CVE-2022-39237: The github.com/sylabs/sif/v2 dependency included in SingularityCE <=3.10.3 does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. This release updates to sif v2.8.1 which corrects this issue. See the linked advisory for references and a workaround.
- Ensure bootstrap_history directory is populated with previous definition files, present in source containers used in a build.
Thanks to our contributors for code, feedback and, testing efforts!
As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: security@sylabs.io
Have fun!
DownloadsSource Code
Please use the singularity-ce-3.10.3.tar.gz download below to obtain and install SingularityCE 3.10.3. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.
Packages
RPM / DEB packages are provided for:
- Ubuntu 18.04 (bionic)
- Ubuntu 20.04 (focal)
- Ubuntu 22.04 (jammy)
- RHEL/CentOS 7 (el7)
- RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
- RHEL/CentOS/AlmaLinux/Rocky 9 (el9)
These packages were built with Go 1.19.2
Files
sylabs/singularity-v3.10.3.zip
Files
(5.6 MB)
| Name | Size | Download all |
|---|---|---|
|
md5:e54f460567af585ff3dc4b810ce55c04
|
5.6 MB | Preview Download |
Additional details
Related works
- Is supplement to
- https://github.com/sylabs/singularity/tree/v3.10.3 (URL)