[ANN] Nomad 1.2.1, 1.1.8, and 1.0.14 Released

5 views
Skip to first unread message

Luiz Aoqui

unread,
Nov 22, 2021, 11:05:52 AM11/22/21
to hashicorp...@googlegroups.com

CVE-2021-43415 - QEMU tasks may gain access to host resources.


The QEMU driver allows arbitrary command line options, but many of these options give access to host resources that operators may not want to expose, such as devices. See https://github.com/hashicorp/nomad/issues/11542 for details.


Remediation


Users should upgrade to Nomad v1.2.1. Upgrading Nomad will allow configuring the QEMU task driver to restrict the list of arguments allowed to be specified in a task.


Links


1.2.1 Changelog - https://github.com/hashicorp/nomad/blob/v1.2.1/CHANGELOG.md

1.2.1 Binaries - https://releases.hashicorp.com/nomad/1.2.1/

1.1.8 Changelog - https://github.com/hashicorp/nomad/blob/v1.1.8/CHANGELOG.md

1.1.8 Binaries - https://releases.hashicorp.com/nomad/1.1.8/

1.0.14 Changelog - https://github.com/hashicorp/nomad/blob/v1.0.14/CHANGELOG.md

1.0.14 Binaries - https://releases.hashicorp.com/nomad/1.0.14/



Thanks,

The Nomad Team

Reply all
Reply to author
Forward
0 new messages