CVE-2021-3283 (https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332): HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3. Please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fee7adf5f060a26b44b1ebbe32a5956b374fcc64 commit fee7adf5f060a26b44b1ebbe32a5956b374fcc64 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-03-01 22:25:58 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-03-01 22:27:47 +0000 sys-cluster/nomad: remove vulnerable versions Bug: https://bugs.gentoo.org/768309 Signed-off-by: William Hubbs <williamh@gentoo.org> sys-cluster/nomad/Manifest | 2 -- sys-cluster/nomad/nomad-0.12.8.ebuild | 45 ----------------------------------- sys-cluster/nomad/nomad-1.0.1.ebuild | 45 ----------------------------------- 3 files changed, 92 deletions(-)
Thank you!
Whoops, never closed this :(