Skip to content

OSG-SEC-2018-12-12 Critical vulnerability in Singularity Update 2

Dear OSG Security Contacts,

This is a follow up on our previous announcement “OSG-SEC-2018-12-12 Critical vulnerability in Singularity”. The latest released version of singularity[1] fixes that OSG-SEC-2018-12-12 Critical vulnerability in Singularity.

Singularity 3.x is now considered ready for production use, and has been moved to the release repositories as of OSG Release 3.4.31 [2]. Singularity 3.x no longer contains a setuid binary for building container images, so it is no longer vulnerable to the above security flaw.


Use the following command to update Singularity to 3.2.1, which was released in OSG Release 3.4.31 [2]:

yum install singularity

Note that in Singularity 3.x, singularity-runtime has been merged into the main singularity package, so the above command will remove the singularity-runtime package if you have it installed.


[1] [2]

Please contact the OSG security team at [email protected] if you have any questions or concerns.

OSG Security Team