This release addresses a high severity security issue with bind mounts on hosts using overlayfs. This fixes a vulnerability that could allow a malicious user to create files and directories outside of a Singularity container. Special thanks to Lars Viklund (HPC2N, Umeå University, Sweden) for identifying and helping test fixes for this bug.
But fixes include:
- Fix for check_mounted() to check parent directories #1436
- Free strdupped temporary variable in joinpath #1438 Please note that this release is being made with minimal community testing to allow administrators to expedite the patch process. Without full community testing, this release may not be completely stable. It’s up to administrators to decide if they value stability or security when choosing whether to install 2.4.6.
And as always, report any bugs to: https://github.com/singularityware/singularity/issues/new
For the full release announcement and downloads, please see the release on GitHub.