Bug 21999

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-1176[58], CVE-2020-9492
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: geiger.david68210
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: hadoop-2.7.3-1.mga6.src.rpm CVE:
Status comment: Fixed upstream in 2.10.1

Description David Walser 2017-11-09 17:55:20 CET 
Upstream has announced a security issue on November 8:
http://openwall.com/lists/oss-security/2017/11/08/3

The issue is fixed in 2.7.4.

Mageia 6 is also affected.
David Walser 2017-11-09 17:55:33 CET

CC: (none) => geiger.david68210
Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2018-01-19 15:54:02 CET 
Upstream has announced a security issue today (January 19):
http://openwall.com/lists/oss-security/2018/01/19/7

The issue is fixed in 2.7.5.

Mageia 6 is also affected.

Summary: hadoop new security issue CVE-2017-3166 => hadoop new security issues CVE-2017-3166 and CVE-2017-15713

Comment 2 David Walser 2018-01-26 06:05:25 CET 
Upstream has issued an advisory on January 24:
http://openwall.com/lists/oss-security/2018/01/24/5

The issue is fixed in 2.7.5.

Mageia 6 is also affected.

Summary: hadoop new security issues CVE-2017-3166 and CVE-2017-15713 => hadoop new security issues CVE-2017-3166 and CVE-2017-1571[38]

David Walser 2018-02-02 18:19:30 CET

Status comment: (none) => Fixed upstream in 2.7.5

Comment 3 David Walser 2018-05-02 03:07:28 CEST 
Upstream has issued an advisory today (May 1):
http://openwall.com/lists/oss-security/2018/05/01/2

The issue is fixed in 2.7.4.

Mageia 6 is also affected.

Severity: normal => critical
Summary: hadoop new security issues CVE-2017-3166 and CVE-2017-1571[38] => hadoop new security issues CVE-2016-6811, CVE-2017-3166 and CVE-2017-1571[38]

Comment 4 David Walser 2018-07-17 16:23:34 CEST 
Fedora has issued an advisory on July 15:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TAN65UU2GAYHTIGHR5BDCMBJAFLLFGLM/

The issue is fixed in 2.7.6 plus a patch from Fedora:
https://src.fedoraproject.org/cgit/rpms/hadoop.git/commit/?h=f28&id=7367791e916b8770b2e422c70309502df554042c

Mageia 6 is also affected.

Status comment: Fixed upstream in 2.7.5 => Fixed upstream in 2.7.6 plus backported patch from Fedora
Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166 and CVE-2017-1571[38] => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-8009

Comment 5 David Walser 2018-11-23 04:50:27 CET 
Finally an upstream advisory for CVE-2018-8009:
https://www.openwall.com/lists/oss-security/2018/11/22/2

Fixed upstream in 2.7.7 (which is now in Cauldron).

Status comment: Fixed upstream in 2.7.6 plus backported patch from Fedora => Fixed upstream in 2.7.7
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Source RPM: hadoop-2.7.3-7.mga7.src.rpm => hadoop-2.7.3-1.mga6.src.rpm

Comment 6 David Walser 2018-12-25 21:04:28 CET 
Fedora has issued an advisory for this on December 9:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MCCNTYHEER7RVSSVIDAED73EAUK6HWVE/
Comment 7 David Walser 2019-01-25 04:23:34 CET 
There's also CVE-2018-1296, fixed in 2.7.6:
https://www.openwall.com/lists/oss-security/2019/01/24/3

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-8009 => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009

Comment 8 David Walser 2019-03-12 12:59:13 CET 
CVE-2018-11767 is also fixed in 2.7.7:
https://www.openwall.com/lists/oss-security/2019/03/11/1

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009 => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767

Comment 9 David Walser 2019-05-30 13:47:15 CEST 
Upstream has issued an advisory today (May 30):
https://www.openwall.com/lists/oss-security/2019/05/30/1

The issue is fixed upstream in 2.8.5.

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767 => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029
Status comment: Fixed upstream in 2.7.7 => Fixed upstream in 2.8.5
Version: 6 => Cauldron
Whiteboard: (none) => MGA7TOO, MGA6TOO

Comment 10 David Walser 2019-10-04 14:21:29 CEST 
Upstream has issued an advisory today (October 4):
https://www.openwall.com/lists/oss-security/2019/10/04/1

The issue is fixed upstream in 2.8.5.

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029 => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-11768

Nicolas Lécureuil 2020-05-22 14:04:18 CEST

Whiteboard: MGA7TOO, MGA6TOO => MGA7TOO

Comment 11 David Walser 2020-09-28 16:07:36 CEST 
Upstream has issued an advisory today (September 28):
https://www.openwall.com/lists/oss-security/2020/09/28/1

The issue is fixed upstream in 2.10.0.

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-11768 => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-1176[58]
Status comment: Fixed upstream in 2.8.5 => Fixed upstream in 2.10.0

Comment 12 Nicolas Lécureuil 2020-12-26 23:24:06 CET 
Not in mageia 8

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

Comment 13 David Walser 2021-01-26 18:21:29 CET 
Upstream has issued an advisory today (January 26):
https://www.openwall.com/lists/oss-security/2021/01/26/1

The issue is fixed upstream in 2.10.1.

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-1176[58] => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-1176[58], CVE-2020-9492
Status comment: Fixed upstream in 2.10.0 => Fixed upstream in 2.10.1

Comment 14 David Walser 2021-07-01 18:13:59 CEST 
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Resolution: (none) => OLD
Status: NEW => RESOLVED