{"schema_version":"1.7.2","id":"OESA-2024-2347","modified":"2025-08-13T07:23:00Z","published":"2024-11-08T01:34:37Z","upstream":["CVE-2024-23454"],"summary":"hadoop-3.1 security update","details":"Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage.\n\nSecurity Fix(es):\n\nApache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content.\nThis is because, on unix-like systems, the system temporary directory is\nshared between all local users. As such, files written in this directory,\nwithout setting the correct posix permissions explicitly, may be viewable\nby all other local users.(CVE-2024-23454)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"hadoop-3.1","purl":"pkg:rpm/openEuler/hadoop-3.1&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.4-11.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["hadoop-3.1-common-native-3.1.4-11.oe2003sp4.aarch64.rpm","hadoop-3.1-debuginfo-3.1.4-11.oe2003sp4.aarch64.rpm","hadoop-3.1-debugsource-3.1.4-11.oe2003sp4.aarch64.rpm","hadoop-3.1-devel-3.1.4-11.oe2003sp4.aarch64.rpm","hadoop-3.1-yarn-security-3.1.4-11.oe2003sp4.aarch64.rpm","libhdfs-3.1.4-11.oe2003sp4.aarch64.rpm"],"noarch":["hadoop-3.1-client-3.1.4-11.oe2003sp4.noarch.rpm","hadoop-3.1-common-3.1.4-11.oe2003sp4.noarch.rpm","hadoop-3.1-hdfs-3.1.4-11.oe2003sp4.noarch.rpm","hadoop-3.1-httpfs-3.1.4-11.oe2003sp4.noarch.rpm","hadoop-3.1-mapreduce-3.1.4-11.oe2003sp4.noarch.rpm","hadoop-3.1-mapreduce-examples-3.1.4-11.oe2003sp4.noarch.rpm","hadoop-3.1-maven-plugin-3.1.4-11.oe2003sp4.noarch.rpm","hadoop-3.1-tests-3.1.4-11.oe2003sp4.noarch.rpm","hadoop-3.1-yarn-3.1.4-11.oe2003sp4.noarch.rpm"],"src":["hadoop-3.1-3.1.4-11.oe2003sp4.src.rpm"],"x86_64":["hadoop-3.1-common-native-3.1.4-11.oe2003sp4.x86_64.rpm","hadoop-3.1-debuginfo-3.1.4-11.oe2003sp4.x86_64.rpm","hadoop-3.1-debugsource-3.1.4-11.oe2003sp4.x86_64.rpm","hadoop-3.1-devel-3.1.4-11.oe2003sp4.x86_64.rpm","hadoop-3.1-yarn-security-3.1.4-11.oe2003sp4.x86_64.rpm","libhdfs-3.1.4-11.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2347"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23454"}],"database_specific":{"severity":"Medium"}}