Discussion:
CVE-2017-3161/CVE-2017-3162 question
Christopher
2017-05-05 16:55:51 UTC
Permalink
Is there any patch available for CVE-2017-3161 or CVE-2017-3162 that can
apply to 2.4.1?

Fedora currently ships Hadoop 2.4.1 in F25, and I'm wondering if there's
any way I can get some upstream support to help mitigate this in the Fedora
packaging to address: https://bugzilla.redhat.com/show_bug.cgi?id=1448374

Otherwise, I'm going to have to leave these problems in place for F25,
until F26 is released (which will ship with Hadoop 2.7.3).

Any help to backport or apply a patch to address these would be appreciated.

Thanks.
Akira Ajisaka
2017-05-09 03:34:20 UTC
Permalink
# Added hdfs-dev ML and moved general ML to Bcc

Hi Christopher,

https://issues.apache.org/jira/browse/HDFS-6252 is the main issue and it
removes the old HDFS web UI. Probably the patch in this issue does not
apply to 2.4.1, so you need to rebase it. After applying HDFS-6252, the
following issues need to be fixed to run unit tests successfully.

* HDFS-7880
* HDFS-7635

Hope it helps.

Regards,
Akira
Post by Christopher
Is there any patch available for CVE-2017-3161 or CVE-2017-3162 that can
apply to 2.4.1?
Fedora currently ships Hadoop 2.4.1 in F25, and I'm wondering if there's
any way I can get some upstream support to help mitigate this in the Fedora
packaging to address: https://bugzilla.redhat.com/show_bug.cgi?id=1448374
Otherwise, I'm going to have to leave these problems in place for F25,
until F26 is released (which will ship with Hadoop 2.7.3).
Any help to backport or apply a patch to address these would be appreciated.
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: general-***@hadoop.apache.org
For additional commands, e-mail: general-***@hadoop.apache.org

Loading...