Return-Path: <user-return-352-archive-asf-public=cust-asf.ponee.io@impala.incubator.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 5E880200CD0
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Mon, 10 Jul 2017 19:26:42 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 5D447163B95; Mon, 10 Jul 2017 17:26:42 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id B4166163B94
	for <archive-asf-public@cust-asf.ponee.io>; Mon, 10 Jul 2017 19:26:41 +0200 (CEST)
Received: (qmail 49050 invoked by uid 500); 10 Jul 2017 17:26:40 -0000
Mailing-List: contact user-help@impala.incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@impala.incubator.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@impala.incubator.apache.org>
List-Post: <mailto:user@impala.incubator.apache.org>
List-Id: <user.impala.incubator.apache.org>
Reply-To: user@impala.incubator.apache.org
Delivered-To: mailing list user@impala.incubator.apache.org
Received: (qmail 49008 invoked by uid 99); 10 Jul 2017 17:26:39 -0000
Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Jul 2017 17:26:39 +0000
Received: from mail-qk0-f173.google.com (mail-qk0-f173.google.com [209.85.220.173])
	by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 59D5D1A0029;
	Mon, 10 Jul 2017 17:26:39 +0000 (UTC)
Received: by mail-qk0-f173.google.com with SMTP id d78so79598683qkb.1;
        Mon, 10 Jul 2017 10:26:39 -0700 (PDT)
X-Gm-Message-State: AIVw110Ju4H/oU2eVqABJ9BSp+Pe6gsir52edmzzrhbUTSYmD07HPV0q
	WO+ISHGyf2J5owRdC46CSrgu6sgHgw==
X-Received: by 10.55.180.197 with SMTP id d188mr5634625qkf.181.1499707598490;
 Mon, 10 Jul 2017 10:26:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.106.116 with HTTP; Mon, 10 Jul 2017 10:26:38 -0700 (PDT)
From: Sailesh Mukil <sailesh@apache.org>
Date: Mon, 10 Jul 2017 10:26:38 -0700
X-Gmail-Original-Message-ID: <CA+LM4Mt5Nk_qJom7YhKaZrLQArqWWY=ofUDK7h+MM7mmOVhp_w@mail.gmail.com>
Message-ID: <CA+LM4Mt5Nk_qJom7YhKaZrLQArqWWY=ofUDK7h+MM7mmOVhp_w@mail.gmail.com>
Subject: [SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure
To: announce@apache.org, user@impala.apache.org, dev@impala.apache.org,
	security@apache.org
Content-Type: multipart/alternative; boundary="94eb2c06f336acd1c20553f9e214"
archived-at: Mon, 10 Jul 2017 17:26:42 -0000

--94eb2c06f336acd1c20553f9e214
Content-Type: text/plain; charset="UTF-8"

CVE-2017-5652 Apache Impala (incubating) Information Disclosure


Severity: High


Versions Affected:

Apache Impala (incubating) 2.7.0 to 2.8.0


Description:

During a routine security analysis, it was found that one of the ports sent
data in plaintext even when the cluster was configured to use TLS. The port
in question was used by the StatestoreSubscriber class which did not use
the appropriate secure Thrift transport when TLS was turned on. It was
therefore possible for an adversary, with access to the network, to
eavesdrop on the packets going to and coming from that port and view the
data in plaintext.


Mitigation:

Users of the affected versions should apply the following mitigation:

 - Upgrade to Apache Impala (incubating) 2.9.0


Credit:
This issue was identified and reported responsibly by the Cloudera security
team.


References:
[1] https://issues.apache.org/jira/browse/IMPALA-5253

--94eb2c06f336acd1c20553f9e214
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><blockquote style=3D"margin:0px 0px 0px 40px;border:none;p=
adding:0px"></blockquote>CVE-2017-5652 Apache Impala (incubating) Informati=
on Disclosure<br><blockquote style=3D"margin:0px 0px 0px 40px;border:none;p=
adding:0px"></blockquote><br><div>Severity: High<br><blockquote style=3D"ma=
rgin:0px 0px 0px 40px;border:none;padding:0px"></blockquote><br><div>Versio=
ns Affected:<br><blockquote style=3D"margin:0px 0px 0px 40px;border:none;pa=
dding:0px"></blockquote>Apache Impala (incubating) 2.7.0 to 2.8.0<br><block=
quote style=3D"margin:0px 0px 0px 40px;border:none;padding:0px"></blockquot=
e><br><div>Description:<br><blockquote style=3D"margin:0px 0px 0px 40px;bor=
der:none;padding:0px"></blockquote></div></div></div><blockquote style=3D"m=
argin:0px 0px 0px 40px;border:none;padding:0px"></blockquote>During a routi=
ne security analysis, it was found that one of the ports sent data in plain=
text even when the cluster was configured to use TLS. The port in question =
was used by the StatestoreSubscriber class which did not use the appropriat=
e secure Thrift transport when TLS was turned on. It was therefore possible=
 for an adversary, with access to the network, to eavesdrop on the packets =
going to and coming from that port and view the data in plaintext.<br><bloc=
kquote style=3D"margin:0px 0px 0px 40px;border:none;padding:0px"></blockquo=
te><br><div>Mitigation:<br><blockquote style=3D"margin:0px 0px 0px 40px;bor=
der:none;padding:0px"></blockquote>Users of the affected versions should ap=
ply the following mitigation:<br><blockquote style=3D"margin:0px 0px 0px 40=
px;border:none;padding:0px"></blockquote><blockquote style=3D"margin:0px 0p=
x 0px 40px;border:none;padding:0px"></blockquote>=C2=A0- Upgrade to Apache =
Impala (incubating) 2.9.0<br><blockquote style=3D"margin:0px 0px 0px 40px;b=
order:none;padding:0px"></blockquote><br><div>Credit:<div>This issue was id=
entified and reported responsibly by the Cloudera security team.<blockquote=
 style=3D"margin:0px 0px 0px 40px;border:none;padding:0px"></blockquote><di=
v><blockquote style=3D"margin:0px 0px 0px 40px;border:none;padding:0px"></b=
lockquote>


</div></div></div></div><div><br></div><div>References:</div><div>[1]=C2=A0=
<a href=3D"https://issues.apache.org/jira/browse/IMPALA-5253"><span class=
=3D"gmail-s2">https://issues.apache.org/jira/browse/IMPALA-5253</span></a><=
br></div></div>

--94eb2c06f336acd1c20553f9e214--