Singularity Image Format Encryption Problem Vulnerability

Singularity Image Format is a compressed squashfs file system from Singularity that has a block organization structure, including metadata and definition files for containers, first labels, partition contents, signatures (if they exist), and, of course, the containers for the binaries themselves. Versions of Singularity Image Format prior to 2.8.1 are vulnerable to cryptographic issues, stemming from a vulnerability in the “github.com/sylabs/sif/v2/pkg/integrity” package that does not validate the hash used when verifying digital signatures. algorithm is secure. An attacker could exploit the vulnerability to bypass digital signatures.