{"schema_version":"1.7.2","id":"OESA-2021-1201","modified":"2021-05-30T11:02:55Z","published":"2021-05-30T11:02:55Z","upstream":["CVE-2020-9492"],"summary":"hadoop security update","details":"Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.(CVE-2020-9492)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"hadoop","purl":"pkg:rpm/openEuler/hadoop\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.1-7.oe1"}]}],"ecosystem_specific":{"aarch64":["libhdfs-3.2.1-7.oe1.aarch64.rpm","hadoop-common-native-3.2.1-7.oe1.aarch64.rpm","hadoop-yarn-security-3.2.1-7.oe1.aarch64.rpm","hadoop-debuginfo-3.2.1-7.oe1.aarch64.rpm","hadoop-devel-3.2.1-7.oe1.aarch64.rpm","hadoop-debugsource-3.2.1-7.oe1.aarch64.rpm"],"noarch":["hadoop-mapreduce-3.2.1-7.oe1.noarch.rpm","hadoop-common-3.2.1-7.oe1.noarch.rpm","hadoop-maven-plugin-3.2.1-7.oe1.noarch.rpm","hadoop-httpfs-3.2.1-7.oe1.noarch.rpm","hadoop-yarn-3.2.1-7.oe1.noarch.rpm","hadoop-hdfs-3.2.1-7.oe1.noarch.rpm","hadoop-mapreduce-examples-3.2.1-7.oe1.noarch.rpm","hadoop-client-3.2.1-7.oe1.noarch.rpm","hadoop-tests-3.2.1-7.oe1.noarch.rpm"],"src":["hadoop-3.2.1-7.oe1.src.rpm"],"x86_64":["libhdfs-3.2.1-7.oe1.x86_64.rpm","hadoop-debuginfo-3.2.1-7.oe1.x86_64.rpm","hadoop-debugsource-3.2.1-7.oe1.x86_64.rpm","hadoop-yarn-security-3.2.1-7.oe1.x86_64.rpm","hadoop-common-native-3.2.1-7.oe1.x86_64.rpm","hadoop-devel-3.2.1-7.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1201"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9492"}],"database_specific":{"severity":"High"}}