[jira] [Commented] (IMPALA-12063) Upgrade to a version of zlib with fix for CVE-2022-37434

Thu, 20 Apr 2023 08:53:04 -0700 


    [ 
https://issues.apache.org/jira/browse/IMPALA-12063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17714651#comment-17714651
 ] 

ASF subversion and git services commented on IMPALA-12063:
----------------------------------------------------------

Commit b4920295ac7ceef3921e879c247f29c584c14b24 in impala's branch 
refs/heads/master from Joe McDonnell
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=b4920295a ]

IMPALA-12063: Upgrade zlib to 1.2.13

This bumps the toolchain version to get zlib 1.2.13,
which contains the fix for CVE-2022-37434.

This toolchain incorporates several changes to clean
up the native-toolchain and remove unnecessary
component builds. As part of this, OpenSSL is no
longer built in the toolchain, so this stops
downloading it. This changes the build to require
OpenSSL 1.0.2 or higher. This doesn't impact anything,
because all supported platforms already used
OpenSSL 1.0.2 or higher. See IMPALA-12064.

Testing:
 - perf-AB-test shows no change in performance for
   ORC with deflate
 - GVO passes

Change-Id: I96efc947534cda8d15d4f440cd6851d397b6562d
Reviewed-on: http://gerrit.cloudera.org:8080/19760
Reviewed-by: Wenzhe Zhou <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>


> Upgrade to a version of zlib with fix for CVE-2022-37434
> --------------------------------------------------------
>
>                 Key: IMPALA-12063
>                 URL: https://issues.apache.org/jira/browse/IMPALA-12063
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Backend
>    Affects Versions: Impala 4.3.0
>            Reporter: Joe McDonnell
>            Assignee: Joe McDonnell
>            Priority: Major
>
> Zlib fixed [CVE-2022-37434|https://nvd.nist.gov/vuln/detail/CVE-2022-37434] 
> in version 1.2.13. This impacts inflateGetHeader(), which we do not use, so 
> this is not expected to have any impact on Impala. Moving to the new zlib 
> 1.2.13 avoids any uncertainty about this.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to