Uploaded image for project: 'CDH (READ-ONLY)'
  1. CDH (READ-ONLY)
  2. DISTRO-792

Apply patch from HIVE-12875 to fix security vulnerability CVE-2015-7521

    Details

    • Type: Backport
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: CDH 5.4.0, CDH 5.4.1, CDH 5.4.2, CDH5.4.0, CDH 5.4.3, CDH 5.4.4, CDH 5.4.5, CDH 5.4.7, CDH 5.5.0, CDH 5.4.8, CDH5 5.6.0
    • Fix Version/s: None
    • Component/s: Hive
    • Environment:
      All

      Description

      A security vulnerability in Hive related to SQL Authorization controls was reported as CVE-2015-7521 which I found out about at the following links:

      The Hive project created a workaround for unpatched Hive distributions, which is used as a "plugin" by configuring the contained class as an authorization hook. The source and a pre-compiled jar of this workaround can be downloaded from here: http://apache.org/dist/hive/hive-parent-auth-hook/

      The Apache JIRA issue for this bug is here: https://issues.apache.org/jira/browse/HIVE-12875

      A working patch is attached to that JIRA issue.

      The git commit of the fix resolving the bug can be seen here: https://git-wip-us.apache.org/repos/asf?p=hive.git;a=commit;h=98f933f269e6b528ef84912b3d701ca3272ec04b

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              sscaffidi Steve Scaffidi
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: