Bug 1308835 (CVE-2015-1776)
Summary: | CVE-2015-1776 hadoop: disclosure of encrypted data in Hadoop MapReduce | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | besser82, coolsvap, ctubbsii, dkholia, matt, moceap, rrati |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | hadoop 2.7.2 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-10-13 11:18:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1308836 | ||
Bug Blocks: | 1308838 |
Description
Andrej Nemec
2016-02-16 09:10:16 UTC
Created hadoop tracking bugs for this issue: Affects: fedora-all [bug 1308836] This vulnerability apply to a feature added to Hadoop in 2.6.x versions, which are not available in Fedora, which currently packages 2.4.1. The workaround is to avoid using this feature. The vulnerability is addressed in 2.7.x. |