Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop, mail # general - [CVE-2012-1574] Apache Hadoop user impersonation vulnerability


Copy link to this message
-
Re: [CVE-2012-1574] Apache Hadoop user impersonation vulnerability
Owen O'Malley 2012-04-06, 17:17

On Apr 6, 2012, at 10:02 AM, Andrew Purtell wrote:

> This is not a helpful disclosure.
>
> Now we know our "secure" deployment is vulnerable, but have no idea how to mitigate. Claiming an upgrade to a nonexistent version with an, apparently, uncommitted fix as a mitigation is not viable. Where is the JIRA for this?

*SIGH* You're right, we messed up. We waited for the stable line to be fixed with Hadoop 1.0.2, but we should have waited for the 0.23.2 vote to pass too. The bug is fixed in 0.23.2 rc 0.

-- Owen