Posted: Thu Jul 22, 2021 6:26 am Post subject: [ GLSA 202107-50 ] Singularity
Gentoo Linux Security Advisory
Title: Singularity: Remote code execution (GLSA 202107-50)
A vulnerability in Singularity could result in remote code
Singularity is the container platform for performance sensitive
Vulnerable: < 3.7.4
Unaffected: >= 3.7.4
Architectures: All supported architectures
Singularity always uses the default remote endpoint,
‘cloud.syslabs.io’, for action commands using the ‘library://’
URI rather than the configured remote endpoint.
An attacker who can push a malicious container to the default
remote endpoint could execute code on hosts that fetch the container.
There is no known workaround at this time.
All Singularity users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-cluster/singularity-3.7.4"
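
To confirm which hosts still run a release below the fixed version named above, the following added example (not part of the original advisory) classifies Singularity version strings against 3.7.4. The function names and the sample strings are constructed for illustration; the comparison is numeric per field, so 3.10.0 is not mistaken for an older release than 3.7.4.

```shell
#!/bin/sh
# Added example: classify Singularity version strings against the fixed
# release named in GLSA 202107-50. Suffixes such as "-1.el7" are ignored.
FIXED="3.7.4"

# Print the first dotted numeric version found in $1, or nothing.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Return 0 if version $1 is lower than version $2, comparing field by field
# as integers; missing fields count as 0 (so 3.7 is treated as 3.7.0).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Print "vulnerable", "fixed" or "unknown" for one version string.
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo unknown
    elif version_lt "$v" "$FIXED"; then echo vulnerable
    else echo fixed
    fi
}

# Constructed sample inputs, as they might be collected from several hosts.
for s in "singularity version 3.7.3" "singularity version 3.7.4" \
         "3.10.0-1.el8" "command not found"; do
    printf '%-28s %s\n' "$s" "$(classify "$s")"
done

# Check the local installation, if one is present.
if command -v singularity >/dev/null 2>&1; then
    printf 'local: %s\n' "$(classify "$(singularity --version)")"
fi
```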