SingularityPRO 3.5-9 Security Release



SingularityPRO 3.5-9 is a security release for SingularityPRO 3.5. It addresses an issue affecting the OCI distribution-spec / image-spec, by updating dependencies that SingularityPRO uses to retrieve OCI images from registries.

Security Fixes

  • CVE-2021-41190 / GHSA-77vh-xpmg-72qh: OCI specifications allow ambiguous documents that contain both "manifests" and "layers" fields. Interpretation depends on the presence / value of a Content-Type header. SingularityPRO dependencies handling the retrieval of OCI images have been updated to versions that reject ambiguous documents.
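The kind of check a registry client can apply before acting on a fetched document, shown as an added example; it is not code from SingularityPRO or its dependencies. The names classify, probe and errAmbiguous, the constructed sample body, and the choice to also reject a body whose mediaType field disagrees with the Content-Type header are assumptions of this sketch.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// OCI media types defined by the image-spec.
const (
	mtManifest = "application/vnd.oci.image.manifest.v1+json"
	mtIndex    = "application/vnd.oci.image.index.v1+json"
)

var errAmbiguous = errors.New("ambiguous document: both manifests and layers present")

// probe decodes only the fields needed to tell a manifest from an index.
type probe struct {
	MediaType string            `json:"mediaType"`
	Manifests []json.RawMessage `json:"manifests"`
	Layers    []json.RawMessage `json:"layers"`
}

// classify returns "manifest" or "index", or an error for an ambiguous or mislabeled body.
func classify(contentType string, body []byte) (string, error) {
	var p probe
	if err := json.Unmarshal(body, &p); err != nil {
		return "", fmt.Errorf("decode: %w", err)
	}
	if len(p.Manifests) > 0 && len(p.Layers) > 0 {
		return "", errAmbiguous // never let the header pick an interpretation
	}
	if p.MediaType != "" && p.MediaType != contentType {
		return "", fmt.Errorf("mediaType %q does not match Content-Type %q", p.MediaType, contentType)
	}
	switch {
	case contentType == mtManifest && len(p.Manifests) == 0:
		return "manifest", nil
	case contentType == mtIndex && len(p.Layers) == 0:
		return "index", nil
	}
	return "", fmt.Errorf("content does not match Content-Type %q", contentType)
}

func main() {
	// Constructed sample: one body carrying both fields.
	body := []byte(`{"schemaVersion":2,"manifests":[{"digest":"sha256:aa"}],"layers":[{"digest":"sha256:bb"}]}`)
	_, err := classify(mtManifest, body)
	fmt.Println(err)
}
```

The ambiguous body is rejected regardless of which Content-Type accompanies it, so two components that see different headers cannot resolve the same bytes to different images.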

Installation / Upgrade


Installation and upgrade instructions, repository access, and admin/user guides can be found on your customer access page at:


https://repo.sylabs.io/c/<customer-id>


Find your personalized link including the customer-id in your original customer welcome email. Installation pages are provided for RHEL, SLES and Ubuntu. Detailed installation and upgrade instructions can also be found in the admin guide linked from your customer page.



Support


If you have any questions about this release, or require assistance with installation or upgrades, please contact your reseller or Sylabs support via [email protected]