Improper Validation of an Integrity Check Value Affecting github.com/sylabs/singularity/internal/pkg package, versions <3.6.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
21 Dec 2021
20 Dec 2021
How to fix?
github.com/sylabs/singularity/internal/pkg to version 3.6.0 or higher.
Affected versions of this package are vulnerable to Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.