Fedora 28: hadoop Security Update 2018-e5a8b72d0d
Summary
Apache Hadoop is a framework that allows for the distributed processing of
large data sets across clusters of computers using simple programming models.
It is designed to scale up from single servers to thousands of machines, each
offering local computation and storage.
Security fix for CVE-2018-8009 ---- Version update to 2.7.6. Fixes many open
CVEs and bugs.
* Fri Jul 6 2018 Christopher Tubbs
- Disable container-executor builds (rhbz#1597446 not fixed on s390x and armv7hl)
* Thu Jul 5 2018 Christopher Tubbs
- Fix rhbz#1597446 (container-executor builds) and rhbz#1593020 (CVE-2018-8009)
* Fri Jun 29 2018 Mike Miller
- Fix jetty version dependencies
* Wed Jun 27 2018 Mike Miller
- Upgrade to version 2.7.6
* Tue May 29 2018 Rafael dos Santos
- Use standard Fedora build/linker flags (rhbz#1540172)
* Wed Mar 7 2018 Christopher Tubbs
- Add gcc-c++ BuildRequires
* Wed Feb 7 2018 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
[ 1 ] Bug #1593020 - CVE-2018-8009 hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1593020
[ 2 ] Bug #1575107 - CVE-2016-6811 hadoop: privilege escalation to root [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1575107
[ 3 ] Bug #1555868 - hadoop: FTBFS in F28
https://bugzilla.redhat.com/show_bug.cgi?id=1555868
[ 4 ] Bug #1552964 - FTBFS: Hadoop fails to build with Guava 24
https://bugzilla.redhat.com/show_bug.cgi?id=1552964
[ 5 ] Bug #1539513 - CVE-2017-15718 hadoop: YARN NodeManager can leak the password for the credential store provider [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1539513
[ 6 ] Bug #1537786 - CVE-2017-15713 hadoop: Information disclosure in MapReduce job history server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1537786
[ 7 ] Bug #1516399 - CVE-2017-3166 hadoop: Privilege escalation in YARN's localization mechanism [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1516399
su -c 'dnf upgrade --advisory FEDORA-2018-e5a8b72d0d' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAN65UU2GAYHTIGHR5BDCMBJAFLLFGLM/
FEDORA-2018-e5a8b72d0d 2018-07-15 03:31:33.191660 Product : Fedora 28 Version : 2.7.6 Release : 4.fc28 URL : https://hadoop.apache.org Summary : A software platform for processing vast amounts of data Description : Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage. Security fix for CVE-2018-8009 ---- Version update to 2.7.6. Fixes many open CVEs and bugs. * Fri Jul 6 2018 Christopher Tubbs - 2.7.6-4 - Disable container-executor builds (rhbz#1597446 not fixed on s390x and armv7hl) * Thu Jul 5 2018 Christopher Tubbs - 2.7.6-3 - Fix rhbz#1597446 (container-executor builds) and rhbz#1593020 (CVE-2018-8009) * Fri Jun 29 2018 Mike Miller - 2.7.6-2 - Fix jetty version dependencies * Wed Jun 27 2018 Mike Miller - 2.7.6-1 - Upgrade to version 2.7.6 * Tue May 29 2018 Rafael dos Santos - 2.7.3-10 - Use standard Fedora build/linker flags (rhbz#1540172) * Wed Mar 7 2018 Christopher Tubbs - 2.7.3-9 - Add gcc-c++ BuildRequires * Wed Feb 7 2018 Fedora Release Engineering - 2.7.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [ 1 ] Bug #1593020 - CVE-2018-8009 hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1593020 [ 2 ] Bug #1575107 - CVE-2016-6811 hadoop: privilege escalation to root [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1575107 [ 3 ] Bug #1555868 - hadoop: FTBFS in F28 https://bugzilla.redhat.com/show_bug.cgi?id=1555868 [ 4 ] Bug #1552964 - FTBFS: Hadoop fails to build with Guava 24 https://bugzilla.redhat.com/show_bug.cgi?id=1552964 [ 5 ] Bug #1539513 - CVE-2017-15718 hadoop: YARN NodeManager can leak the password for the credential store provider [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1539513 [ 6 ] Bug #1537786 - CVE-2017-15713 hadoop: Information disclosure in MapReduce job history server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1537786 [ 7 ] Bug #1516399 - CVE-2017-3166 hadoop: Privilege escalation in YARN's localization mechanism [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1516399 su -c 'dnf upgrade --advisory FEDORA-2018-e5a8b72d0d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAN65UU2GAYHTIGHR5BDCMBJAFLLFGLM/
Change Log
References