SingularityCE 3.10.5

@dtrudg dtrudg released this 17 Jan 14:53
25989db

SingularityCE 3.10.5 is a security release in the 3.10 series.

We encourage all users to upgrade. Please see the details and CVE/GHSA link below for more information about the vulnerability.

Security Related Fixes

  • CVE-2022-23538: The github.com/sylabs/scs-library-client dependency included in SingularityCE >=3.10.0, <3.10.5 may leak user credentials to a third-party service via HTTP redirect. This issue is limited to library:// access to specific Singularity Enterprise 1.x or 3rd party library configurations, which implement a concurrent multi-part download flow. Access to Singularity Enterprise 2.x, or Singularity Container Services (cloud.sylabs.io), does not trigger the vulnerable flow. See the linked advisory for full details.

Commit 7b841c5 updates the dependency, bringing in the fix.
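
The class of issue described above (credentials following a redirect to another service during a multi-part download) can be guarded against by attaching the token only when the redirect target is the origin it was issued for. The sketch below is an added example, not code from SingularityCE or scs-library-client and not a description of the actual fix; `partRequest`, `sameOrigin`, the hosts and the token are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// sameOrigin reports whether a and b share scheme and host:port.
// An explicit default port vs. an omitted one counts as different (fail closed).
func sameOrigin(a, b *url.URL) bool {
	return a.Scheme == b.Scheme && strings.EqualFold(a.Host, b.Host)
}

// partRequest builds the ranged GET for one part of a multi-part download
// after the library server answered with a redirect to `location`.
// The bearer token is attached only when the target is the origin the
// token was issued for; a third-party storage URL gets no credentials.
func partRequest(orig *url.URL, location, token string, start, end int64) (*http.Request, error) {
	target, err := orig.Parse(location) // resolves relative Location values
	if err != nil {
		return nil, fmt.Errorf("bad redirect target: %w", err)
	}
	req, err := http.NewRequest(http.MethodGet, target.String(), nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Range", fmt.Sprintf("bytes=%d-%d", start, end))
	if token != "" && sameOrigin(orig, target) {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	return req, nil
}

func main() {
	// Constructed hosts and token, for illustration only.
	orig, _ := url.Parse("https://library.example.test/v1/imagefile/demo")
	for _, loc := range []string{
		"https://objects.example.net/bucket/demo.sif?sig=constructed",
		"/v1/blobs/demo.sif",
	} {
		req, err := partRequest(orig, loc, "constructed-token", 0, 1023)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%s auth=%t\n", req.URL.Host, req.Header.Get("Authorization") != "")
	}
}
```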

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback, and testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-3.10.5.tar.gz download below to obtain and install SingularityCE 3.10.5. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 18.04 (bionic)
  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • RHEL/CentOS 7 (el7)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.19.5