Bug 1764650 (CVE-2018-11768)
| Summary: | CVE-2018-11768 hadoop: user/group information corruption through fsimage storing and reading | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | aileenc, bigdata-qe-bugs, bkearney, bmontgom, chazlett, ctubbsii, denis.arnaud_fedora, drieden, eparis, extras-orphan, ggaughan, hvyas, janstey, jburrell, jochrist, jokerman, jolee, jschatte, jstastny, jwon, milleruntime, nstielau, rhs-bugs, sd-operator-metering, sisharma, sponnaga, tflannag, tlestach |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | Apache Hadoop 2.8.5, Apache Hadoop 2.9.2, Apache Hadoop 3.1.2 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-10-25 22:11:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1764651, 1776635, 1776640, 1777130 | | |
| Bug Blocks: | 1764652 | | |

Description
Pedro Sampaio
2019-10-23 14:14:17 UTC
Created hadoop tracking bugs for this issue:

Affects: fedora-all [bug 1764651]

Statement:

Hadoop is included in OpenShift Container Platform 4.2 and later as part of the metering operator. It's an optional feature that is not installed by default.

This vulnerability is out of security support scope for the following products:

* Red Hat JBoss Fuse 6
* Red Hat JBoss Data Virtualization & Services 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Marking Red Hat JBoss Fuse 7 as having a low impact: Fuse 7 distributes affected artifacts of hadoop hdfs; however, its use in Fuse 7 camel-hdfs2 does not call upon the affected hdfs server components. We advise customers using hadoop to investigate the usage of the hadoop server/Datanodes and ensure it is safe.