...

Note

Before reporting any security-related JIRAs, please go through Apache's guidance for VULNERABILITY HANDLING.

Please see Lock down Apache Ranger for production deployments

Fixed in Ranger 1.2.0

...

CVE-2018-11778: Apache Ranger Stack based buffer overflow

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Ranger versions prior to 1.2.0

Users affected: Unix Authentication Service users

Description: Apache Ranger UnixAuthenticationService should properly handle user input to avoid a stack-based buffer overflow.

Fix detail: UnixAuthenticationService was updated to correctly handle user input.

Mitigation: Users should upgrade to Apache Ranger 1.2.0 or later, which contains the fix.

Credit: Alexander Klink.

Fixed in Ranger 0.7.1

...

CVE-2017-7676: Apache Ranger policy evaluation ignores characters after ‘*’ wildcard character

...