CVE-2017-7669 Does Not Impact Current or Planned Future Versions of CDH

0 votes
1 view
asked Aug 20, 2017 in Hadoop by admin (4,410 points)
SummaryCVE-2017-7669 was issued for Apache Hadoop. No versions of CDH are impacted by this security vulnerability.
Symptoms
Applies To
Cause
Instructions

Apache Hadoop announced CVE-2017-7669 as a security vulnerability.

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.

As the most recent CDH versions use Hadoop 2.6 or below versions, CDH does not contain this vulnerability.

Please log in or register to answer this question.

...