Thx was wondering when that was going to come out.
Sent from my Verizon Wireless 4G LTE smartphone -------- Original message -------- From: Andrew Musselman <[email protected]> Date: 11/28/2016 4:29 PM (GMT-08:00) To: [email protected] Subject: Fwd: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability ---------- Forwarded message ---------- From: Roman Shaposhnik <[email protected]> Date: Mon, Nov 28, 2016 at 4:09 PM Subject: Fwd: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]> FYI ---------- Forwarded message ---------- From: Yongjun Zhang <[email protected]> Date: Mon, Nov 28, 2016 at 4:04 PM Subject: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability To: [email protected], [email protected], [email protected], [email protected] Hi, Please see below the official announcement of a critical security vulnerability that's discovered and subsequently fixed in Apache Hadoop releases. Thanks and best regards, --Yongjun ---------- CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Hadoop 2.6.x, 2.7.x Description: A remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands as the hdfs user. Mitigation: 2.7.x users should upgrade to 2.7.3 2.6.x users should upgrade to 2.6.5 Impact: A remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as HDFS service. Credit: This issue was discovered by Freddie Rice. ----------
