Singularity 2.2.1 Security Release
For the full release announcement and downloads, please see the release on Github.
This release includes a fix for a Moderate Severity security issue, and other improvements to version 2.2.
Security information:
In versions of Singularity previous to 2.2.1, it was possible for a malicious user to create and manipulate specifically crafted raw devices within containers they own. Utilizing MS_NODEV
as a container image mount option mitigates this potential vector of attack. As a result, this update should be implemented with high urgency. A big thanks to Mattias Wadenstein (@UMU in Sweden) for identifying and reporting this issue!
Other improvements:
- Fixed some leaky file descriptors
- Cleaned up
*printf()
usage - Catch if user’s group is not properly defined
Please report any additional bugs as issues.
Thank you!