changelog GH-5728

2019-06-04 15:11:00 -04:00 · 2019-06-04 15:11:00 -04:00 · df09e39f12
parent 3d9967fc5a
commit df09e39f12
1 changed files with 8 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,13 @@
 ## 0.9.2 (Unreleased)

+SECURITY:
+
+* driver/exec: Fix privilege escalation issue introduced in Nomad 0.9.0.  In
+  Nomad 0.9.0 and 0.9.1, exec tasks by default run as `nobody` but with
+  elevated capabilities, allowing tasks to perform privileged linux operations
+  and potentially escalate permissions. (CVE-2019-12618)
+  [[GH-5728](https://github.com/hashicorp/nomad/pull/5728)]
+
 __BACKWARDS INCOMPATIBILITIES:__

 * api: The `api` package removed `Config.SetTimeout` and `Config.ConfigureTLS` functions, intended