OESA-2022-2016

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2016

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2022-2016.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2022-2016

Upstream

CVE-2021-33036

Published

2022-10-21T11:04:27Z

Modified

2025-09-03T06:17:25.403807Z

Summary

hadoop security update

Details

Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage.

Security Fix(es):

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.(CVE-2021-33036)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / hadoop

Package

Name: hadoop
Purl: pkg:rpm/openEuler/hadoop&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.4-1.oe1

Ecosystem specific

{
    "noarch": [
        "hadoop-common-3.3.4-1.oe1.noarch.rpm",
        "hadoop-yarn-3.3.4-1.oe1.noarch.rpm",
        "hadoop-mapreduce-examples-3.3.4-1.oe1.noarch.rpm",
        "hadoop-hdfs-3.3.4-1.oe1.noarch.rpm",
        "hadoop-maven-plugin-3.3.4-1.oe1.noarch.rpm",
        "hadoop-httpfs-3.3.4-1.oe1.noarch.rpm",
        "hadoop-client-3.3.4-1.oe1.noarch.rpm",
        "hadoop-tests-3.3.4-1.oe1.noarch.rpm",
        "hadoop-mapreduce-3.3.4-1.oe1.noarch.rpm"
    ],
    "x86_64": [
        "hadoop-debuginfo-3.3.4-1.oe1.x86_64.rpm",
        "hadoop-debugsource-3.3.4-1.oe1.x86_64.rpm",
        "hadoop-common-native-3.3.4-1.oe1.x86_64.rpm",
        "libhdfs-3.3.4-1.oe1.x86_64.rpm",
        "hadoop-devel-3.3.4-1.oe1.x86_64.rpm",
        "hadoop-yarn-security-3.3.4-1.oe1.x86_64.rpm"
    ],
    "src": [
        "hadoop-3.3.4-1.oe1.src.rpm"
    ],
    "aarch64": [
        "hadoop-devel-3.3.4-1.oe1.aarch64.rpm",
        "hadoop-common-native-3.3.4-1.oe1.aarch64.rpm",
        "hadoop-debuginfo-3.3.4-1.oe1.aarch64.rpm",
        "hadoop-yarn-security-3.3.4-1.oe1.aarch64.rpm",
        "hadoop-debugsource-3.3.4-1.oe1.aarch64.rpm",
        "libhdfs-3.3.4-1.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / hadoop

Package

Name: hadoop
Purl: pkg:rpm/openEuler/hadoop&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.4-1.oe1

Ecosystem specific

{
    "noarch": [
        "hadoop-client-3.3.4-1.oe1.noarch.rpm",
        "hadoop-maven-plugin-3.3.4-1.oe1.noarch.rpm",
        "hadoop-tests-3.3.4-1.oe1.noarch.rpm",
        "hadoop-httpfs-3.3.4-1.oe1.noarch.rpm",
        "hadoop-common-3.3.4-1.oe1.noarch.rpm",
        "hadoop-mapreduce-3.3.4-1.oe1.noarch.rpm",
        "hadoop-mapreduce-examples-3.3.4-1.oe1.noarch.rpm",
        "hadoop-yarn-3.3.4-1.oe1.noarch.rpm",
        "hadoop-hdfs-3.3.4-1.oe1.noarch.rpm"
    ],
    "x86_64": [
        "hadoop-devel-3.3.4-1.oe1.x86_64.rpm",
        "hadoop-debugsource-3.3.4-1.oe1.x86_64.rpm",
        "hadoop-debuginfo-3.3.4-1.oe1.x86_64.rpm",
        "hadoop-common-native-3.3.4-1.oe1.x86_64.rpm",
        "hadoop-yarn-security-3.3.4-1.oe1.x86_64.rpm",
        "libhdfs-3.3.4-1.oe1.x86_64.rpm"
    ],
    "src": [
        "hadoop-3.3.4-1.oe1.src.rpm"
    ],
    "aarch64": [
        "hadoop-common-native-3.3.4-1.oe1.aarch64.rpm",
        "hadoop-yarn-security-3.3.4-1.oe1.aarch64.rpm",
        "hadoop-debugsource-3.3.4-1.oe1.aarch64.rpm",
        "libhdfs-3.3.4-1.oe1.aarch64.rpm",
        "hadoop-devel-3.3.4-1.oe1.aarch64.rpm",
        "hadoop-debuginfo-3.3.4-1.oe1.aarch64.rpm"
    ]
}

openEuler:22.03-LTS / hadoop

Package

Name: hadoop
Purl: pkg:rpm/openEuler/hadoop&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.4-1.oe2203

Ecosystem specific

{
    "noarch": [
        "hadoop-httpfs-3.3.4-1.oe2203.noarch.rpm",
        "hadoop-client-3.3.4-1.oe2203.noarch.rpm",
        "hadoop-mapreduce-examples-3.3.4-1.oe2203.noarch.rpm",
        "hadoop-maven-plugin-3.3.4-1.oe2203.noarch.rpm",
        "hadoop-yarn-3.3.4-1.oe2203.noarch.rpm",
        "hadoop-hdfs-3.3.4-1.oe2203.noarch.rpm",
        "hadoop-mapreduce-3.3.4-1.oe2203.noarch.rpm",
        "hadoop-tests-3.3.4-1.oe2203.noarch.rpm",
        "hadoop-common-3.3.4-1.oe2203.noarch.rpm"
    ],
    "x86_64": [
        "hadoop-debuginfo-3.3.4-1.oe2203.x86_64.rpm",
        "hadoop-debugsource-3.3.4-1.oe2203.x86_64.rpm",
        "hadoop-common-native-3.3.4-1.oe2203.x86_64.rpm",
        "hadoop-devel-3.3.4-1.oe2203.x86_64.rpm",
        "hadoop-yarn-security-3.3.4-1.oe2203.x86_64.rpm",
        "libhdfs-3.3.4-1.oe2203.x86_64.rpm"
    ],
    "src": [
        "hadoop-3.3.4-1.oe2203.src.rpm"
    ],
    "aarch64": [
        "hadoop-debugsource-3.3.4-1.oe2203.aarch64.rpm",
        "libhdfs-3.3.4-1.oe2203.aarch64.rpm",
        "hadoop-devel-3.3.4-1.oe2203.aarch64.rpm",
        "hadoop-yarn-security-3.3.4-1.oe2203.aarch64.rpm",
        "hadoop-debuginfo-3.3.4-1.oe2203.aarch64.rpm",
        "hadoop-common-native-3.3.4-1.oe2203.aarch64.rpm"
    ]
}