Release Date: 2019-05-30
Updated: 2019-05-31
Affected Systems:
Apache Group Hadoop 3.0.0-alpha1 - 3.1.0
Apache Group Hadoop 2.9.0 - 2.9.1
Apache Group Hadoop 2.2.0 - 2.8.4
Unaffected Systems:
Apache Group Hadoop 3.1.1
Apache Group Hadoop 2.9.2
Apache Group Hadoop 2.8.5
Description:
BUGTRAQ ID: 108518
CVE (CAN) ID: CVE-2018-8029
Apache Hadoop is an open-source distributed system architecture from the Apache Software Foundation in the United States. The product supports distributed processing of large amounts of data and offers high reliability, scalability, and fault tolerance.
Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4 contain a remote privilege escalation vulnerability. An attacker who can escalate to the yarn user can run arbitrary commands as root.
<* Source: Akira Ajisaka *>
Recommendations:
Vendor patch:
Apache Group
------------
The vendor has released an updated patch that fixes this security issue. Download it from the vendor's home page:
https://www.apache.org/security/projects.html
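
A version check against the ranges in this advisory, as an added example that is not part of the original advisory or of Apache's code. It assumes the version string is taken from the first line of `hadoop version` output; the function names are hypothetical, and the sample outputs are constructed.

```python
import re

# Affected ranges (inclusive), exactly as listed in this advisory.
AFFECTED = [("3.0.0-alpha1", "3.1.0"), ("2.9.0", "2.9.1"), ("2.2.0", "2.8.4")]
# Fixed releases: the second version list above, outside every affected range.
FIXED = ["3.1.1", "2.9.2", "2.8.5"]

# Pre-release tags sort below the final release of the same x.y.z.
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc)(\d*))?", re.I)


def parse(version):
    """Turn '3.0.0-alpha1' into a tuple that compares in release order."""
    m = _VERSION.fullmatch(version.strip())
    if not m:
        # Vendor-suffixed builds are rejected rather than guessed at.
        raise ValueError(f"unrecognised Hadoop version: {version!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch),
            _STAGE[(stage or "").lower()], int(num or 0))


def from_cli_output(text):
    """Extract the version from the first line of `hadoop version` output."""
    m = re.match(r"\s*Hadoop\s+(\S+)", text)
    if not m:
        raise ValueError("no 'Hadoop <version>' line found")
    return m.group(1)


def classify(version):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    v = parse(version)
    if any(parse(lo) <= v <= parse(hi) for lo, hi in AFFECTED):
        return "affected"
    if version.strip() in FIXED:
        return "fixed"
    # The advisory makes no statement about any other release.
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample: first lines of `hadoop version` output.
    for out in ("Hadoop 2.8.4\n", "Hadoop 3.0.0-alpha1\n", "Hadoop 3.1.1\n"):
        ver = from_cli_output(out)
        print(ver, classify(ver))
```

A `not-listed` result means the advisory says nothing about that release, not that it is safe.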