Review Request 56685: Document security issue related to setting security.agent.hostname.validate to false

Robert Levas Tue, 14 Feb 2017 14:07:18 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56685/
-----------------------------------------------------------


Review request for Ambari, Attila Magyar, Balázs Bence Sári, Eugene Chekanskiy, 
Laszlo Puskas, and Sebastian Toader.


Bugs: AMBARI-20018
    https://issues.apache.org/jira/browse/AMBARI-20018


Repository: ambari


Description
-------

Document security issue related to setting security.agent.hostname.validate to 
"false".

If set to "false", invalid hostnames may be used in OpenSSL commands used to 
create the agent-side certificates when 2-way SSL is enabled. This could lead 
to issues when executing OpenSSL as described in CVE-2014-3582. See 
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities.


Diffs
-----

  ambari-server/docs/configuration/index.md 50864f2 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 5020790 

Diff: https://reviews.apache.org/r/56685/diff/


Testing
-------

No testing necessary.  Documentation change, only.


Thanks,

Robert Levas

Review Request 56685: Document security issue related to setting security.agent.hostname.validate to false

Reply via email to