Electric Coin Co. became aware of the following security announcement on the bitcoin-dev mailing list this morning (8th November): https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-November/017453.html
Upon investigation, the team found that versions of Zcashd prior to 2.1.0-1 suffered from the above bug, CVE-2017-18350. Nodes in the affected configuration could be compromised by an attacker executing arbitrary code in the context of the Zcashd daemon, allowing them to violate user privacy, steal user funds, or perform other unauthorized actions on the machine.
Zcashd version 2.1.0-1 contains a fix for this issue, and we recommend updating all affected nodes as soon as possible.