Source: nomad Version: 0.12.9+dfsg1-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for nomad. CVE-2021-3283[0]: | HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task | drivers can access processes associated with other tasks on the same | node. Fixed in 0.12.10, and 1.0.3. Some details are in [1] and said to be fixed in 0.12.10 for nomad. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-3283 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3283 [1] https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332 Regards, Salvatore
