Singularity 3.7.3 Security Release

David Trudgian

Apr 6, 2021, 5:57:56 PM
to singularity
https://github.com/hpcng/singularity/releases/tag/v3.7.3

Singularity 3.7.3 is a security release. We recommend all users upgrade to this version.

Security Related Fixes
  • CVE-2021-29136: A dependency used by Singularity to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." (or "/"), when running as root. This vulnerability affects a singularity build or singularity pull as root, from a docker or OCI source.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback, and testing efforts!

As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new

If you think that you've discovered a security vulnerability, please report it to: secu...@sylabs.io

Have fun!
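
A pre-extraction check for the pattern CVE-2021-29136 describes, added here as an example (not code from Singularity or from the dependency it uses): it scans an uncompressed layer tar for symlink members whose name resolves to the extraction root. The names `entry`, `buildLayer` and `RootSymlinks` and the sample layer are constructed for illustration; a gzip-compressed layer would need decompressing first.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path"
)

// entry is a constructed sample tar member; link != "" makes it a symlink.
type entry struct{ name, link string }

// buildLayer writes constructed entries into an in-memory tar (sample input only).
func buildLayer(entries ...entry) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		h := &tar.Header{Name: e.name, Mode: 0644, Typeflag: tar.TypeReg}
		if e.link != "" {
			h.Typeflag, h.Linkname, h.Mode = tar.TypeSymlink, e.link, 0777
		}
		tw.WriteHeader(h) // zero-size entries, so there is no body to write
	}
	tw.Close()
	return buf.Bytes()
}

// RootSymlinks lists symlink members whose name resolves to the extraction
// root itself (".", "/", "./", "a/.."), the pattern named in the advisory.
func RootSymlinks(layer []byte) ([]string, error) {
	var hits []string
	tr := tar.NewReader(bytes.NewReader(layer))
	for {
		h, err := tr.Next()
		if err == io.EOF {
			return hits, nil
		}
		if err != nil {
			return hits, err
		}
		// Anchor the name at "/" and normalise it; a result of "/" means
		// the member would replace the unpack directory itself.
		if h.Typeflag == tar.TypeSymlink && path.Clean("/"+h.Name) == "/" {
			hits = append(hits, fmt.Sprintf("%q -> %q", h.Name, h.Linkname))
		}
	}
}

func main() {
	layer := buildLayer(entry{"etc/motd", ""}, entry{".", "target-dir"}, entry{"bin/sh", "busybox"})
	fmt.Println(RootSymlinks(layer))
}
```

A layer that produces any hit should be rejected before a root `singularity build` or `singularity pull` on an unpatched version; upgrading to 3.7.3 remains the fix.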