Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f68bed7 by Neil Williams at 2022-04-26T12:19:46+01:00
Add notes for nomad CVEs CVE-2022-24684 CVE-2022-24685 CVE-2021-43415

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14103,11 +14103,14 @@ CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 
0.3.0 through 1.0.17, 1.1.1
        - nomad <unfixed>
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
 CVE-2022-24685 (HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x 
before 1 ...)
-       - nomad <undetermined>
+       - nomad <unfixed>
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
+       NOTE: https://github.com/hashicorp/nomad/issues/12038
 CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x 
before 1.1.1 ...)
-       - nomad <undetermined>
+       - nomad <unfixed>
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
+       NOTE: https://github.com/hashicorp/nomad/issues/12039
+       NOTE: 
https://github.com/hashicorp/nomad/commit/c49359ad58f0af18a5697a0b7b9b6cca9656d267
 (v1.2.6)
 CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 
1.1.11, and ...)
        - nomad <unfixed>
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
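
Review bot: CVE-2022-24685 gets only the upstream issue link (issues/12038), while CVE-2022-24684 directly below it also records the fixing commit with its release tag, "(v1.2.6)". If the fixing commit for CVE-2022-24685 is known, add it in the same "NOTE: commit URL (version)" form so both entries can be triaged against the packaged source the same way; if it could not be identified, a short NOTE saying so would save the next person the search. For CVE-2022-24684 the commit note names v1.2.6 only, although the description line also lists the 1.0.x and 1.1.x series, so a NOTE pointing at the backports for those branches would help if the Debian package tracks one of them.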
@@ -32729,9 +32732,11 @@ CVE-2021-43417
 CVE-2021-43416
        RESERVED
 CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 
1.2.0, w ...)
-       - nomad <undetermined>
+       - nomad <unfixed>
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
-       TODO: check
+       NOTE: https://github.com/hashicorp/nomad/issues/11542
+       NOTE: https://github.com/hashicorp/nomad/pull/11554
+       NOTE: 
https://github.com/hashicorp/nomad/commit/40de248b940eb7babbd4a08ebe9d6874758f5285
 (v1.2.1)
 CVE-2021-43414 (An issue was discovered in GNU Hurd before 0.9 20210404-9. The 
use of  ...)
        - hurd 1:0.9.git20210404-9
 CVE-2021-43413 (An issue was discovered in GNU Hurd before 0.9 20210404-9. A 
single pa ...)
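
Review bot: with "TODO: check" dropped and the status moved from <undetermined> to <unfixed> for CVE-2021-43415, the entry no longer shows that a check was pending, but it also does not record what was checked to conclude that the Debian package is affected. The three added references (issue 11542, pull 11554, commit 40de248b tagged v1.2.1) describe the upstream fix only. Consider one more NOTE stating the basis for <unfixed>, for example that the packaged source lacks that commit, so the status change can be verified later without repeating the analysis.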



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f68bed7f741d2ddf81d7b112042c4daffa05174



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits