Date: Wed, 7 Jun 2017 16:31:01 -0400
From: Velmurugan Periasamy <vel@...che.org>
To: security <security@...che.org>, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Cc: private@...ger.apache.org, dev@...ger.apache.org, user@...ger.apache.org
Subject: CVE update - fixed in Apache Ranger 0.7.1

Hello:

Please find below details on CVEs fixed in Ranger 0.7.1 release. Release details can be found at https://cwiki.apache.org/confluence/display/RANGER/0.7.1+Release+-+Apache+Ranger

----------------------------------------------------------------------

CVE-2017-7676: Apache Ranger policy evaluation ignores characters after ‘*’ wildcard character

Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: 0.5.x/0.6.x/0.7.0 versions of Apache Ranger
Users affected: Environments that use Ranger policies with characters after ‘*’ wildcard character – like my*test, test*.txt
Description: Policy resource matcher ignores characters after ‘*’ wildcard character, which can result in unintended behavior.
Fix detail: Ranger policy resource matcher was updated to correctly handle wildcard matches.
Mitigation: Users should upgrade to 0.7.1 or later version of Apache Ranger with the fix.

----------------------------------------------------------------------

CVE-2017-7677: Apache Ranger Hive Authorizer should check for RWX permission when external location is specified

Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: 0.5.x/0.6.x/0.7.0 versions of Apache Ranger
Users affected: Environments that use external location for hive tables
Description: In environments that use external location for hive tables, Apache Ranger Hive Authorizer should check for RWX permission for the external location specified for create table.
Fix detail: Ranger Hive Authorizer was updated to correctly handle permission check with external location.
Mitigation: Users should upgrade to 0.7.1 or later version of Apache Ranger with the fix.

----------------------------------------------------------------------

Thank you,
Velmurugan Periasamy
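
An audit sketch for the "Users affected" criterion of CVE-2017-7676, added here as an example; it is not part of the original message and is not Ranger's code. It flags resource patterns with text after '*' and lists sample resource names that a simplified model of the described flaw would match but the full pattern would not. The function names, the prefix-only model, and the sample data are assumptions; only '*' is modelled.

```python
import re

def has_text_after_star(pattern):
    """True if real characters follow the first '*' (e.g. my*test, test*.txt)."""
    tail = pattern.partition("*")[2]
    return tail.strip("*") != ""

def truncated_match(pattern, resource):
    """Assumed model of the flaw as described: text after the first '*' is ignored."""
    star = pattern.find("*")
    if star == -1:
        return pattern == resource
    return resource.startswith(pattern[:star])

def full_match(pattern, resource):
    """Intended semantics: '*' matches any run of characters, the rest is honoured."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, resource, flags=re.DOTALL) is not None

def audit(patterns, sample_resources):
    """Map each affected pattern to the sample resources it would over-match."""
    findings = {}
    for pattern in patterns:
        if not has_text_after_star(pattern):
            continue  # no '*' or trailing '*' only: outside the advisory's criterion
        findings[pattern] = [
            r for r in sample_resources
            if truncated_match(pattern, r) and not full_match(pattern, r)
        ]
    return findings

# Constructed sample data: two patterns from the advisory plus two unaffected ones.
PATTERNS = ["my*test", "test*.txt", "/data/*", "reports"]
RESOURCES = ["mytest", "my_prod", "test1.txt", "test1.key", "/data/x", "reports"]

if __name__ == "__main__":
    for pattern, extra in audit(PATTERNS, RESOURCES).items():
        print(f"{pattern!r}: review policy; over-matched samples: {extra}")
```

Feed it the resource values from your own policy export and a list of real resource names to see which policies need review before and after upgrading to 0.7.1.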