Skip to content

SingularityCE 4.1.1
Compare
Choose a tag to compare
@dtrudg dtrudg released this 01 Feb 11:42
· 232 commits to main since this release
v4.1.1
6be0318
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

SingularityCE 4.1.1 is a patch release in the 4.1 series, including security and bug fixes.

Security Related Fixes

  • Update github.com/moby/buildkit dependency, used for --oci Dockerfile builds, addressing the following upstream CVEs:
    • CVE-2024-23650 Possible panic when incorrect parameters sent from frontend
    • CVE-2024-23651 Possible race condition with accessing subpaths from cache mounts.
    • CVE-2024-23652 Possible host system access from mount stub cleaner.
    • CVE-2024-23653 Interactive containers API does not validate entitlements check.

Note also that in OCI-Mode, SingularityCE may call out to runc versions vulnerable to CVE-2024-21626. runc is not bundled with SingularityCE, and should be updated via your Linux distribution's package manager, or manually.

Bug Fixes

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.1.1.tar.gz download below to obtain and install SingularityCE 4.1.1. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 20.04 (focal)
  • Ubuntu 22.04 (jammy)
  • RHEL/CentOS 7 (el7)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)

These packages were built with Go 1.21.6

Assets 9
0 Join discussion