There is no impact to systems that are not vulnerable to CVE-2022-1184. On systems that are vulnerable to CVE-2022-1184, a specially crafted extfs container image, or extfs overlay partition within a SIF file, may trigger a denial of service when run with SingularityCE / SingularityPRO in set-uid mode.
Sylabs’ opinion is that CVE-2023-30549 is a duplicate of CVE-2022-1184, and does not describe a security vulnerability in SingularityCE / SingularityPRO. The security vulnerability identified in the advisory is in the kernel, and must be patched there. It is also relevant to non-Singularity workflows, such as automatic or user-initiated mounts of USB drives under desktop environments.
- Singularity’s execution control list, which limits container execution to specifically signed containers, cannot be enforced.
- Encrypted SIF containers can no longer be utilized.
- Inability to use supplementary groups –
- Inability to use host filesystem ACLs –
Sylabs does not consider CVE-2023-30549 to be a vulnerability in Singularity. Systems should be patched regularly to ensure they are not susceptible to vulnerabilities such as CVE-2022-1184.