Skip to content

Singularity 2.4.6 Release
Compare
Choose a tag to compare
@GodloveD GodloveD released this 06 Apr 22:40
· 9563 commits to master since this release
2.4.6
9ca70f5

This release addresses a high severity security issue with bind mounts on hosts using overlayfs. This fixes a vulnerability that could allow a malicious user to create files and directories outside of a Singularity container. Special thanks to Lars Viklund (HPC2N, Umeå University, Sweden) for identifying and helping test fixes for this bug.

But fixes include:

  • Fix for check_mounted() to check parent directories #1436
  • Free strdupped temporary variable in joinpath #1438

Please note that this release is being made with minimal community testing to allow administrators to expedite the patch process. Without full community testing, this release may not be completely stable. It's up to administrators to decide if they value stability or security when choosing whether to install 2.4.6.

And as always, report any bugs to:
https://github.com/singularityware/singularity/issues/new

Thanks!

Assets 3
Loading