[ https://issues.apache.org/jira/browse/AMBARI-24415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-24415:
----------------------------------
    Status: Patch Available  (was: In Progress)

> Remove dependencies with CVE issues from Ambari Server
> ------------------------------------------------------
>
>                 Key: AMBARI-24415
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24415
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.7.1
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: cleanup, pull-request-available
>             Fix For: 2.7.1
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Remove dependencies with CVE issues from Ambari Server
> * org.springframework:spring-beans:jar before 4.3.17.RELEASE 
> ** CVE-2018-1270 - https://nvd.nist.gov/vuln/detail/CVE-2018-1270
> ** CVE-2018-1275 - https://nvd.nist.gov/vuln/detail/CVE-2018-1275
> ** CVE-2018-1199 - https://nvd.nist.gov/vuln/detail/CVE-2018-1199
> ** CVE-2018-1271 - https://nvd.nist.gov/vuln/detail/CVE-2018-1271
> ** CVE-2018-1257 - https://nvd.nist.gov/vuln/detail/CVE-2018-1257
> {noformat}
> [INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
> [INFO] \- org.springframework.security:spring-security-core:jar:4.2.4.RELEASE:compile
> [INFO]    \- org.springframework:spring-beans:jar:4.3.12.RELEASE:compile
> {noformat}
> * org.kohsuke:libpam4j:jar before version 1.9
> ** CVE-2017-12197 - https://nvd.nist.gov/vuln/detail/CVE-2017-12197
> {noformat}
> [INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
> [INFO] \- org.kohsuke:libpam4j:jar:1.8:compile
> {noformat}
> * org.springframework:spring-context before version 4.3.17.RELEASE
> ** CVE-2018-1257 - https://nvd.nist.gov/vuln/detail/CVE-2018-1257
> {noformat}
> [INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
> [INFO] \- org.springframework:spring-context:jar:4.3.16.RELEASE:compile
> {noformat}
> * org.springframework.security:spring-security-ldap:jar before version 4.1.5.RELEASE
> ** CVE-2018-1199 - https://nvd.nist.gov/vuln/detail/CVE-2018-1199
> ** CVE-2016-9879 - https://nvd.nist.gov/vuln/detail/CVE-2016-9879
> {noformat}
> [INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
> [INFO] \- org.springframework.security:spring-security-ldap:jar:4.1.1.RELEASE:compile
> {noformat}
> * com.jcraft:jsch:jar before version 1.54 
> ** CVE-2016-5725 - https://nvd.nist.gov/vuln/detail/CVE-2016-5725
> {noformat}
> [INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
> [INFO] \- com.jcraft:jsch:jar:0.1.45:compile
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
