hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [hadoop] virajjasani commented on pull request #2932: HADOOP-17649. Upgrade wildfly openssl to 2.1.3.Final due to security vulnerabilities
Date Thu, 22 Apr 2021 16:32:09 GMT

virajjasani commented on pull request #2932:
URL: https://github.com/apache/hadoop/pull/2932#issuecomment-824996410

   Btw, the main reason behind this upgrade is CVE: https://nvd.nist.gov/vuln/detail/CVE-2020-25644
   A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where
it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of
service. The highest threat from this vulnerability is to system availability.

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message