oss-sec mailing list archives
CVE update - fixed in Apache Ranger 1.2.0
From: Velmurugan Periasamy <vel () apache org>
Date: Thu, 4 Oct 2018 22:28:16 -0400
Hello: Please find below details on CVE fixed in Ranger 1.2.0 release. Release details can be found at https://cwiki.apache.org/confluence/display/RANGER/1.2.0+Release+-+Apache+Ranger ———————————————————————————————————————————————————————————————————————————————————————————————————————— CVE-2018-11778: Apache Ranger Stack based buffer overflow Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Ranger versions prior to 1.2.0 Users affected: Unix Authentication Service users Description: Apache Ranger UnixAuthenticationService should properly handle user input to avoid Stack-based buffer overflow. Fix detail: UnixAuthenticationService was updated to correctly handle user input. Mitigation: Users should upgrade to 1.2.0 or later version of Apache Ranger with the fix. Credit: Alexander Klink. ———————————————————————————————————————————————————————————————————————————————————————————————————————— Thank you, Velmurugan Periasamy
Current thread:
- CVE update - fixed in Apache Ranger 1.2.0 Velmurugan Periasamy (Oct 04)