FEDORA-2018-e5a8b72d0d — security update for hadoop

stable

hadoop-2.7.6-4.fc28

FEDORA-2018-e5a8b72d0d created by ctubbsii 6 years ago for Fedora 28

Security fix for CVE-2018-8009

Version update to 2.7.6. Fixes many open CVEs and bugs.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-e5a8b72d0d

This update has been submitted for testing by ctubbsii.

6 years ago

This update has obsoleted hadoop-2.7.6-2.fc28, and has inherited its bugs and notes.

6 years ago

This update has been pushed to testing.

6 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for batched by ctubbsii.

6 years ago

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata

Type

security

Severity

low

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Dates

submitted

6 years ago

in testing

6 years ago

in stable

6 years ago

Builds

hadoop-2.7.6-4.fc28

BZ#1516399 CVE-2017-3166 hadoop: Privilege escalation in YARN's localization mechanism [fedora-all]

BZ#1537786 CVE-2017-15713 hadoop: Information disclosure in MapReduce job history server [fedora-all]

BZ#1539513 CVE-2017-15718 hadoop: YARN NodeManager can leak the password for the credential store provider [fedora-all]

BZ#1552964 FTBFS: Hadoop fails to build with Guava 24

BZ#1555868 hadoop: FTBFS in F28

BZ#1575107 CVE-2016-6811 hadoop: privilege escalation to root [fedora-all]

BZ#1593020 CVE-2018-8009 hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-all]

hadoop-2.7.6-4.fc28

Automated Test Results

ignored