You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@impala.apache.org by Jim Apple <jb...@cloudera.com> on 2018/10/24 19:05:57 UTC
[ANNOUNCE] Apache Impala 3.0.1 release
The Apache Impala PMC is announcing the release of Impala 3.0.1.
Impala is a high-performance distributed SQL engine.
The release is available at https://impala.apache.org/downloads.html
Thanks,
Jim Apple on behalf of the Apache Impala PMC
CVE-2018-11785 and CVE-2018-11792, was "[ANNOUNCE] Apache Impala
3.0.1 release"
Posted by Jim Apple <jb...@cloudera.com>.
Additionally, this release was mainly to pick up two security fixes:
CVE-2018-11785:
- Missing authorization check in Apache Impala allows a
Kerberos-authenticated but unauthorized user to inject random data into a
running query, leading to wrong results for a query
CVE-2018-11792 (IMPALA-7502):
- ALTER TABLE/VIEW RENAME required ALTER on the old
table. This may pose a potential security risk, such as having ALTER on a
table and ALL on a particular database allows a user to move the table to a
database with ALL, which will automatically grant that user with ALL
privilege on that table due to the privilege inherited from the database
On Wed, Oct 24, 2018 at 12:05 PM Jim Apple <jb...@cloudera.com> wrote:
> The Apache Impala PMC is announcing the release of Impala 3.0.1.
>
> Impala is a high-performance distributed SQL engine.
>
> The release is available at https://impala.apache.org/downloads.html
>
> Thanks,
> Jim Apple on behalf of the Apache Impala PMC
>
>
CVE-2018-11785 and CVE-2018-11792, was "[ANNOUNCE] Apache Impala
3.0.1 release"
Posted by Jim Apple <jb...@cloudera.com>.
Additionally, this release was mainly to pick up two security fixes:
CVE-2018-11785:
- Missing authorization check in Apache Impala allows a
Kerberos-authenticated but unauthorized user to inject random data into a
running query, leading to wrong results for a query
CVE-2018-11792 (IMPALA-7502):
- ALTER TABLE/VIEW RENAME required ALTER on the old
table. This may pose a potential security risk, such as having ALTER on a
table and ALL on a particular database allows a user to move the table to a
database with ALL, which will automatically grant that user with ALL
privilege on that table due to the privilege inherited from the database
On Wed, Oct 24, 2018 at 12:05 PM Jim Apple <jb...@cloudera.com> wrote:
> The Apache Impala PMC is announcing the release of Impala 3.0.1.
>
> Impala is a high-performance distributed SQL engine.
>
> The release is available at https://impala.apache.org/downloads.html
>
> Thanks,
> Jim Apple on behalf of the Apache Impala PMC
>
>
CVE-2018-11785 and CVE-2018-11792, was "[ANNOUNCE] Apache Impala
3.0.1 release"
Posted by Jim Apple <jb...@apache.org>.
Additionally, this release was mainly to pick up two security fixes:
CVE-2018-11785:
- Missing authorization check in Apache Impala allows a
Kerberos-authenticated but unauthorized user to inject random data into a
running query, leading to wrong results for a query
CVE-2018-11792 (IMPALA-7502):
- ALTER TABLE/VIEW RENAME required ALTER on the old
table. This may pose a potential security risk, such as having ALTER on a
table and ALL on a particular database allows a user to move the table to a
database with ALL, which will automatically grant that user with ALL
privilege on that table due to the privilege inherited from the database
On Wed, Oct 24, 2018 at 12:06 PM Jim Apple <jb...@apache.org> wrote:
> The Apache Impala PMC is announcing the release of Impala 3.0.1.
>
> Impala is a high-performance distributed SQL engine.
>
> The release is available at https://impala.apache.org/downloads.html
>
> Thanks,
> Jim Apple on behalf of the Apache Impala PMC
>
>
Fwd: [ANNOUNCE] Apache Impala 3.0.1 release
Posted by Jim Apple <jb...@apache.org>.
The Apache Impala PMC is announcing the release of Impala 3.0.1.
Impala is a high-performance distributed SQL engine.
The release is available at https://impala.apache.org/downloads.html
Thanks,
Jim Apple on behalf of the Apache Impala PMC