[oss-security] CVE update - fixed in Apache Ranger 1.2.0
Velmurugan Periasamy
2018-10-05 02:28:16 UTC
Hello:

Please find below details on the CVE fixed in the Ranger 1.2.0 release. Release details can be found at https://cwiki.apache.org/confluence/display/RANGER/1.2.0+Release+-+Apache+Ranger

————————————————————————————————————————————————————————————————————————————————————————————————————————
CVE-2018-11778: Apache Ranger Stack based buffer overflow
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache Ranger versions prior to 1.2.0
Users affected: Unix Authentication Service users
Description: Apache Ranger UnixAuthenticationService should properly handle user input to avoid a stack-based buffer overflow.
Fix detail: UnixAuthenticationService was updated to correctly handle user input.
Mitigation: Users should upgrade to version 1.2.0 or later of Apache Ranger, which includes the fix.
Credit: Alexander Klink.
————————————————————————————————————————————————————————————————————————————————————————————————————————

Thank you,
Velmurugan Periasamy
