Fixed Common Vulnerabilities and Exposures
There are no Common Vulnerabilities and Exposures (CVEs) that are fixed in this release.
CVE-2018-11768
Component: Apache Hadoop Common/HDFS
Summary: The user/group information can be corrupted when it is stored in fsimage and then read back from fsimage.
Severity: Critical
Vendor: Cloudera
Versions Affected: HDP 3.x
Users Affected: Users using HDFS in HDP 3.1.4.0 or earlier.
Impact: There is a mismatch in the size of the fields used to store user/group information between the in-memory and on-disk representations. This causes the user/group information to be corrupted when it is stored in fsimage and then read back from fsimage.
Recommended Action: Upgrade to HDP 3.1.5.0 or later.
CVE-2018-11779
Component: Apache Storm
Summary: Storm UI daemon vulnerability.
Severity: Critical
Vendor: Cloudera
Versions Affected: HDP 3.0.x, HDP 3.1.x
Users Affected: Users using the storm-kafka-client or storm-kafka modules.
Impact: See STORM-3201. It is possible to cause the Storm UI daemon to deserialize user-provided bytes into a Java class.
Recommended Action: Upgrade to HDP 3.1.5.0 or later.