hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <ste...@hortonworks.com>
Subject Re: [Important] Confirmation related to OpenSsl security issue
Date Fri, 11 Apr 2014 13:06:03 GMT
I don't know anything about that, but I do know the apache infrastructure
related changes

-apache.org was vulnerable
-a new *.apache.org certificate is being obtained
-once issued, committers and anyone with JIRA admin access are going to
have to /should change passwords
-JIRA login passwords are best rolled too.
-github was also vulnerable; it's upgraded its cert an its time to update
passwords: https://lastpass.com/heartbleed/?h=github.com



On 11 April 2014 10:27, Vinayakumar B <vinayakumar.b@huawei.com> wrote:

> Hi,
>
> Recently one security issue has been found in OpenSSL which has impacted
> so many customers of different vendors.
>
> http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=720951&SearchOrder=4
>
> I want to ask, whether is there in impact of this on the Hadoop Release?
>
> Currently Hadoop-pipes are uses openssl-devel packages for building native
> support.
>
> Can someone familiar with Hadoop-pipes can confirm whether is there any
> impact of this security issue on builds of Hadoop built with defective
> openssl?
>
> Regards,
>    Vinay
>
>
> ****************************************************************************
> This e-mail and attachments contain confidential information from HUAWEI,
> which is intended only for the person or entity whose address is listed
> above. Any use of the information contained herein in any way (including,
> but not limited to, total or partial disclosure, reproduction, or
> dissemination) by persons other than the intended recipient's) is
> prohibited. If you receive this e-mail in error, please notify the sender
> by
> phone or email immediately and delete it!
>
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message