====================================================================


                             CERT-Renater

                 Note d'Information No. 2018/VULN340
_____________________________________________________________________

DATE                : 26/10/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):Systems running Apache Impala versions prior to
                                          3.0.1.

=====================================================================
http://mail-archives.apache.org/mod_mbox/impala-user/201810.mbox/%3cCAC-pSX1E6o=VFeXSCdis+Pesa8BZBAhdP0zUZHL4W2fLWqEi4g@mail.gmail.com%3e
_____________________________________________________________________

Additionally, this release was mainly to pick up two security fixes:

CVE-2018-11785:
- Missing authorization check in Apache Impala allows a
Kerberos-authenticated but unauthorized user to inject random data
into a running query, leading to wrong results for a query

CVE-2018-11792 (IMPALA-7502):
- ALTER TABLE/VIEW RENAME required ALTER on the old
table. This may pose a potential security risk, such as having ALTER on
a table and ALL on a particular database allows a user to move the table
to a database with ALL, which will automatically grant that user with
ALL privilege on that table due to the privilege inherited from the
database


On Wed, Oct 24, 2018 at 12:05 PM Jim Apple <jbapple@cloudera.com> wrote:

> The Apache Impala PMC is announcing the release of Impala 3.0.1.
>
> Impala is a high-performance distributed SQL engine.
>
> The release is available at https://impala.apache.org/downloads.html
>
> Thanks,
> Jim Apple on behalf of the Apache Impala PMC

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================