Skip to content

Singularity 2.2.1 Security Release

Choose a tag to compare

View all tags
@gmkurtzer gmkurtzer released this 14 Feb 15:35
· 12250 commits to master since this release
2.2.1
8755ff1

This release includes a fix for a Moderate Severity security issue, and other improvements to version 2.2.

Security information:

In versions of Singularity previous to 2.2.1, it was possible for a malicious user to create and manipulate specifically crafted raw devices within containers they own. Utilizing MS_NODEV as a container image mount option mitigates this potential vector of attack. As a result, this update should be implemented with high urgency. A big thanks to Mattias Wadenstein (@umu in Sweden) for identifying and reporting this issue!

Other improvements:

  • Fixed some leaky file descriptors
  • Cleaned up *printf() usage
  • Catch if user's group is not properly defined
  • Fixed Docker Hub redirects

Please report any additional bugs to:
https://github.com/singularityware/singularity/issues/new

Thank you!

Assets 3
Loading