Bug 21999 - hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-1176[58], CVE-2020-9492
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal
Severity: critical
Target Milestone: ---
Assignee: Nicolas Lécureuil
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-09 17:55 CET by David Walser
Modified: 2021-07-01 18:13 CEST

See Also:
Source RPM: hadoop-2.7.3-1.mga6.src.rpm
CVE:
Status comment: Fixed upstream in 2.10.1



Description David Walser 2017-11-09 17:55:20 CET
Upstream has announced a security issue on November 8:
http://openwall.com/lists/oss-security/2017/11/08/3

The issue is fixed in 2.7.4.

Mageia 6 is also affected.

David Walser 2017-11-09 17:55:33 CET

CC: (none) => geiger.david68210
Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2018-01-19 15:54:02 CET
Upstream has announced a security issue today (January 19):
http://openwall.com/lists/oss-security/2018/01/19/7

The issue is fixed in 2.7.5.

Mageia 6 is also affected.

Summary: hadoop new security issue CVE-2017-3166 => hadoop new security issues CVE-2017-3166 and CVE-2017-15713

Comment 2 David Walser 2018-01-26 06:05:25 CET
Upstream has issued an advisory on January 24:
http://openwall.com/lists/oss-security/2018/01/24/5

The issue is fixed in 2.7.5.

Mageia 6 is also affected.

Summary: hadoop new security issues CVE-2017-3166 and CVE-2017-15713 => hadoop new security issues CVE-2017-3166 and CVE-2017-1571[38]

David Walser 2018-02-02 18:19:30 CET

Status comment: (none) => Fixed upstream in 2.7.5

Comment 3 David Walser 2018-05-02 03:07:28 CEST
Upstream has issued an advisory today (May 1):
http://openwall.com/lists/oss-security/2018/05/01/2

The issue is fixed in 2.7.4.

Mageia 6 is also affected.

Severity: normal => critical
Summary: hadoop new security issues CVE-2017-3166 and CVE-2017-1571[38] => hadoop new security issues CVE-2016-6811, CVE-2017-3166 and CVE-2017-1571[38]

Comment 4 David Walser 2018-07-17 16:23:34 CEST
Fedora has issued an advisory on July 15:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TAN65UU2GAYHTIGHR5BDCMBJAFLLFGLM/

The issue is fixed in 2.7.6 plus a patch from Fedora:
https://src.fedoraproject.org/cgit/rpms/hadoop.git/commit/?h=f28&id=7367791e916b8770b2e422c70309502df554042c

Mageia 6 is also affected.

Status comment: Fixed upstream in 2.7.5 => Fixed upstream in 2.7.6 plus backported patch from Fedora
Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166 and CVE-2017-1571[38] => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-8009

Comment 5 David Walser 2018-11-23 04:50:27 CET
Finally an upstream advisory for CVE-2018-8009:
https://www.openwall.com/lists/oss-security/2018/11/22/2

Fixed upstream in 2.7.7 (which is now in Cauldron).

Status comment: Fixed upstream in 2.7.6 plus backported patch from Fedora => Fixed upstream in 2.7.7
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Source RPM: hadoop-2.7.3-7.mga7.src.rpm => hadoop-2.7.3-1.mga6.src.rpm

Comment 6 David Walser 2018-12-25 21:04:28 CET
Fedora has issued an advisory for this on December 9:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MCCNTYHEER7RVSSVIDAED73EAUK6HWVE/

Comment 7 David Walser 2019-01-25 04:23:34 CET
There's also CVE-2018-1296, fixed in 2.7.6:
https://www.openwall.com/lists/oss-security/2019/01/24/3

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-8009 => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009

Comment 8 David Walser 2019-03-12 12:59:13 CET
CVE-2018-11767 is also fixed in 2.7.7:
https://www.openwall.com/lists/oss-security/2019/03/11/1

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009 => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767

Comment 9 David Walser 2019-05-30 13:47:15 CEST
Upstream has issued an advisory today (May 30):
https://www.openwall.com/lists/oss-security/2019/05/30/1

The issue is fixed upstream in 2.8.5.

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767 => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029
Status comment: Fixed upstream in 2.7.7 => Fixed upstream in 2.8.5
Version: 6 => Cauldron
Whiteboard: (none) => MGA7TOO, MGA6TOO

Comment 10 David Walser 2019-10-04 14:21:29 CEST
Upstream has issued an advisory today (October 4):
https://www.openwall.com/lists/oss-security/2019/10/04/1

The issue is fixed upstream in 2.8.5.

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029 => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-11768

Nicolas Lécureuil 2020-05-22 14:04:18 CEST

Whiteboard: MGA7TOO, MGA6TOO => MGA7TOO

Comment 11 David Walser 2020-09-28 16:07:36 CEST
Upstream has issued an advisory today (September 28):
https://www.openwall.com/lists/oss-security/2020/09/28/1

The issue is fixed upstream in 2.10.0.

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-11768 => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-1176[58]
Status comment: Fixed upstream in 2.8.5 => Fixed upstream in 2.10.0

Comment 12 Nicolas Lécureuil 2020-12-26 23:24:06 CET
Not in Mageia 8

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

Comment 13 David Walser 2021-01-26 18:21:29 CET
Upstream has issued an advisory today (January 26):
https://www.openwall.com/lists/oss-security/2021/01/26/1

The issue is fixed upstream in 2.10.1.

Summary: hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-1176[58] => hadoop new security issues CVE-2016-6811, CVE-2017-3166, CVE-2017-1571[38], CVE-2018-1296, CVE-2018-8009, CVE-2018-11767, CVE-2018-8029, CVE-2018-1176[58], CVE-2020-9492
Status comment: Fixed upstream in 2.10.0 => Fixed upstream in 2.10.1

Comment 14 David Walser 2021-07-01 18:13:59 CEST
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Resolution: (none) => OLD
Status: NEW => RESOLVED

