Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 768309 (CVE-2021-3283)

Summary: <sys-cluster/nomad-1.0.4: improper task access control (CVE-2021-3283)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: williamh
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-02-02 04:23:46 UTC 
CVE-2021-3283 (https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332):

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.


Please bump.
Comment 1 Larry the Git Cow gentoo-dev 2021-03-01 22:27:53 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fee7adf5f060a26b44b1ebbe32a5956b374fcc64

commit fee7adf5f060a26b44b1ebbe32a5956b374fcc64
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2021-03-01 22:25:58 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2021-03-01 22:27:47 +0000

    sys-cluster/nomad: remove vulnerable versions
    
    Bug: https://bugs.gentoo.org/768309
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 sys-cluster/nomad/Manifest            |  2 --
 sys-cluster/nomad/nomad-0.12.8.ebuild | 45 -----------------------------------
 sys-cluster/nomad/nomad-1.0.1.ebuild  | 45 -----------------------------------
 3 files changed, 92 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-01 22:36:49 UTC 
Thank you!
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-25 01:05:15 UTC 
Whoops, never closed this :(