Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 925029 (CVE-2024-1329)

Summary: sys-cluster/nomad: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: trivial CC: williamh
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~3 [ebuild]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 925028    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-20 01:36:57 UTC 
CVE-2024-1329 (https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack):

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.

Please bump to 1.6.7.