[ https://issues.apache.org/jira/browse/IMPALA-14767?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joe McDonnell resolved IMPALA-14767.
------------------------------------
Fix Version/s: Impala 5.0.0
Resolution: Fixed
This is fixed in the native-toolchain:
{noformat}
commit 93391eea80a616868b749ee0e3a09962f40cdc59
Author: Joe McDonnell <[email protected]>
Date: Fri Feb 20 16:06:08 2026 -0800

IMPALA-14767: Patch binutils 2.42 with CVE fixes from Ubuntu 24

Ubuntu 24 uses binutils 2.42 and has backported several CVE
fixes. These patches are available via their source packages
and publications (in particular binutils_2.42-4ubuntu2.8.debian.tar.xz).

None of these are security issues for Impala itself, and
there is no indication that we've been affected by any
of them. Even so, they include memory corruptions and memory
leaks for these build tools, so it is prudent to patch
binutils to fix them.

This applies the CVE patches from binutils_2.42-4ubuntu2.8.debian.tar.xz
in the order specified by the debian/patches/series file in that
tarball. This includes pieces of the changelog describing the
patches in a README in the patches directory.

Testing:
- Ran a toolchain build

Change-Id: I38ddc81416a84a39a83b43a27ea008b29015b859
Reviewed-on: http://gerrit.cloudera.org:8080/24019
Reviewed-by: Joe McDonnell <[email protected]>
Tested-by: Joe McDonnell <[email protected]>
{noformat}
> Investigate and pull in Ubuntu's patches for binutils 2.42
> ----------------------------------------------------------
>
> Key: IMPALA-14767
> URL: https://issues.apache.org/jira/browse/IMPALA-14767
> Project: IMPALA
> Issue Type: Task
> Components: Infrastructure
> Affects Versions: Impala 5.0.0
> Reporter: Joe McDonnell
> Assignee: Joe McDonnell
> Priority: Major
> Fix For: Impala 5.0.0
>
>
> The toolchain currently uses binutils 2.42. Ubuntu 24 also uses this version,
> but it has applied several patches for various issues (CVEs, memory
> corruptions, etc). It may be useful for us to pull in those patches to the
> toolchain. That is likely to provide a more stable experience than using an
> unpatched version.
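
The step the commit message describes, taking only the CVE patches from a Debian patches directory and keeping the order its series file gives, sketched as an added example (not the native-toolchain's own code). It assumes CVE patches carry "CVE" in their file name; the function names and the sample file names are constructed.

```shell
# Added example, not native-toolchain code.
# Assumption: a CVE patch is recognisable by "CVE" in its file name.

# Print the CVE patches named in <patch_dir>/series, in series order.
# Fails if a listed patch file is missing, so a partial set is never applied.
select_cve_patches() {
  local patch_dir="$1" name _rest
  # _rest swallows optional per-patch arguments such as "-p1"
  while read -r name _rest || [ -n "$name" ]; do
    case $name in ''|'#'*) continue ;; esac      # blank lines and comments
    case $name in *CVE*) ;; *) continue ;; esac  # keep CVE patches only
    if [ ! -f "$patch_dir/$name" ]; then
      echo "missing patch: $name" >&2
      return 1
    fi
    printf '%s\n' "$name"
  done < "$patch_dir/series"
}

# Apply the selected patches to src_dir, stopping at the first failure.
apply_cve_patches() {
  local patch_dir="$1" src_dir="$2" list name
  list=$(select_cve_patches "$patch_dir") || return 1
  for name in $list; do   # names cannot contain whitespace (see read above)
    patch -d "$src_dir" -p1 --forward < "$patch_dir/$name" || return 1
  done
}

# Constructed sample: series order deliberately differs from sorted order.
sample=$(mktemp -d)
printf '%s\n' '# constructed series file' 'fix-build.patch' \
  'CVE-0000-0002.patch -p1' '' 'CVE-0000-0001.patch' > "$sample/series"
touch "$sample/fix-build.patch" "$sample/CVE-0000-0002.patch" \
  "$sample/CVE-0000-0001.patch"
select_cve_patches "$sample"
```

Series order matters because later patches in a quilt series can depend on hunks introduced by earlier ones, so sorting the CVE file names instead can make a patch fail or apply to the wrong context.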