Issues Fixed in CDH 5.16.x
Issues Fixed in CDH 5.16.2
XSS Cloudera Manager
Malicious Impala queries can result in Cross Site Scripting (XSS) when viewed in Cloudera Manager.
Products affected: Apache Impala
- Cloudera Manager 5.13.x, 5.14.x, 5.15.1, 5.15.2, 5.16.1
- Cloudera Manager 6.0.0, 6.0.1, 6.1.0
Users affected: All Cloudera Manager Users
Date/time of detection: November 2018
Severity (Low/Medium/High): High
Immediate action required: There is no workaround; upgrade to the latest available maintenance release.
- Cloudera Manager 5.16.2
- Cloudera Manager 6.0.2, 6.1.1, 6.2.0, 6.3.0
Timestamp type-casted to varchar in a binary predicate can produce incorrect result
> select * from (select cast('2018-12-11 09:59:37' as timestamp) as ts) tbl where cast(ts as varchar(10)) = '2018-12-11';
The output will have 0 rows.
Products affected: Apache Impala
- CDH 5.15.0, 5.15.1, 5.15.2, 5.16.0, 5.16.1
- CDH 6.0.0, 6.0.1, 6.1.0, 6.1.1
For the latest update on this issue see the corresponding Knowledge article: TSB 2019-358: Timestamp type-casted to varchar in a binary predicate can produce incorrect result
Inconsistent rows returned from queries in Kudu
Due to KUDU-2463, upon restarting Kudu, inconsistent rows may be returned from tables that have not recently been written to, resulting in any of the following:
- multiple rows for the same key being returned
- deleted data being returned
- inconsistent results consistently being returned for the same query
If this happens, resolve the conflicts by writing to the affected Kudu partitions in one of two ways:
- re-deleting the known and deleted data
- upserting the most up-to-date version of affected rows.
Products affected: Apache Kudu
- CDH 5.12.2, 5.13.3, 5.14.4, 5.15.1, 5.16.1
- CDH 6.0.1, 6.1.0, 6.1.1
For the latest update on this issue see the corresponding Knowledge article: TSB 2019-353: Inconsistent rows returned from queries in Kudu
Upstream Issues Fixed
- HADOOP-15442 - ITestS3AMetrics.testMetricsRegister should not know the name of the metrics source.
- HDFS-11751 - DFSZKFailoverController daemon exits with the wrong status code.
- HDFS-12683 - DFSZKFailOverController re-order logic for logging exception.
- HDFS-14111 - hdfsOpenFile on HDFS causes unnecessary IO from file offset 0
- MAPREDUCE-6382 - HTML links in the Diagnostics in JHS job overview must not be escaped.
- MAPREDUCE-7125 - JobResourceUploader creates LocalFileSystem when it's not necessary.
- MAPREDUCE-7131 - Job History Server has race condition where it moves files from intermediate to finished but thinks file is in intermediate.
- YARN-4227 - Ignore expired containers from the removed nodes in FairScheduler.
- YARN-4677 - RMNodeResourceUpdateEvent update from scheduler can lead to race condition.
- HBASE-16810 - HBase Balancer throws ArrayIndexOutOfBoundsException when regionservers are in /hbase/draining znode and unloaded
- HBASE-17510 - DefaultMemStore gets the wrong heap size after rollback
- HBASE-19730 - Backport HBASE-14497 Reverse Scan threw StackOverflow caused by readPt checking
- HBASE-20604 - ProtobufLogReader#readNext can incorrectly loop to the same position in the stream until the WAL is rolled
- HBASE-21275 - Disable TRACE HTTP method for thrift http server
- HBASE-21546 - ConnectException in TestThriftHttpServer
- HIVE-12476 - Metastore NPE on Oracle with Direct SQL
- HIVE-13278 - Avoid FileNotFoundException when map/reduce.xml is not available
- HIVE-13394 - Analyze table fails in Tez on empty partitions
- HIVE-13592 - metastore calls map is not thread safe
- HIVE-14557 - Nullpointer When both SkewJoin and Mapjoin Enabled
- HIVE-14560 - Support exchange partition between S3 and HDFS tables
- HIVE-14690 - Query fail when hive.exec.parallel=true, with conflicting session dir
- HIVE-16839 - Unbalanced calls to openTransaction/commitTransaction when altering the same partition concurrently
- HIVE-18778 - Needs to capture input/output entities in explain
- HIVE-20331 - Query with union all, lateral view and Join fails with "cannot find parent in the child operator"
- HIVE-20678 - HiveHBaseTableOutputFormat should implement HiveOutputFormat to ensure compatibility
- HIVE-20695 - HoS Query fails with hive.exec.parallel=true
- HIVE-21028 - get_table_meta should use a fetch plan to avoid race conditions ending up in NucleusObjectNotFoundException
- HIVE-21044 - Improvements to HMS metrics
- HIVE-21045 - Add connection pool info and rolling performance info to the metrics system
- HUE-8388 - [oozie] Make Hue create a new workspace when importing an Oozie workflow instead of using the "deployment_dir" field
- HUE-8450 - [editor] Embedded mode improvements for previous Hue version
- HUE-8458 - [frontend] Improve application loading performance
- HUE-8468 - [frontend] Dynamically adding styles in embedded mode fails in Internet Explorer (throws a JavaScript exception)
- HUE-8584 - [useradmin] Errors returned for Add Sync Ldap Group
- HUE-8585 - [useradmin] Errors returned for Add Sync Ldap Users
- HUE-8631 - HBase is not accessible by way of the Hue server; instead returns "API Error."
- HUE-8660 - [core] File browser cannot view files containing a hash (#) in the name
- HUE-8691 - [useradmin] Attempting to add/sync group will not add users if the objectClass posixGroup exists in the LDAP entry
- HUE-8692 - [useradmin] Group sync fails if all group members are not found with error "No such object"
- HUE-8693 - [useradmin] Security application only displays 100 users in the impersonation list
- HUE-8705 - [oozie] Hidden popup window is blocking the Query drop-down menu and the search box
- HUE-8709 - [useradmin] Black transparent screen remains after confirmation modal is hidden
- HUE-8746 - [pig] Add hcat support to the Pig Editor in Hue
Hue allows unsigned SAML assertions
If Hue receives an unsigned assertion, it continues to process it as valid. This means it is possible for an end-user to forge or remove the signature and manipulate a SAML assertion to gain access without a successful authentication.
Products affected: Hue, CDH
- CDH 5.15.x and earlier
- CDH 5.16.0, 5.16.1
- CDH 6.0.x
- CDH 6.1.x
User affected: All users who are using SAML with Hue.
Date/time of detection: January 2019
Detected by: Joel Snape
Severity (Low/Medium/High): High
This is a significant security risk because it allows anyone to present a forged assertion as valid and therefore access Hue, even if they should not have access. In more detail: if Hue receives an unsigned assertion, it continues to process it as valid. This means it is possible for an end-user to forge or remove the signature and manipulate a SAML assertion to gain access without a successful authentication.
- Upgrade (recommended): Upgrade to a version of CDH containing the fix.
- Workaround: None
- CDH 5.16.2
- CDH 6.2.0
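As an added example (not Hue's code), the precheck a SAML service provider must apply before trusting an assertion: the Assertion element has to carry an enveloped XML Signature whose Reference is bound to the assertion's own ID, so an assertion with the signature removed is rejected instead of processed. The two responses are constructed samples; cryptographic verification of the signature (e.g. with xmlsec) is a separate mandatory step that is not performed here.

```python
# Added example, not Hue code: reject SAML Assertions without a bound signature.
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def check_assertion_signature(response_xml: str) -> tuple:
    """Return (accepted, reason) for the Assertion in a SAML Response."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError as exc:
        return False, f"unparseable XML: {exc}"
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False, f"expected exactly one Assertion, found {len(assertions)}"
    assertion = assertions[0]
    assertion_id = assertion.get("ID")
    if not assertion_id:
        return False, "Assertion has no ID attribute"
    # The signature must be enveloped directly in the Assertion; a signature
    # elsewhere in the document says nothing about this element.
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        return False, "Assertion is unsigned"
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != f"#{assertion_id}":
        return False, "Signature Reference does not cover this Assertion"
    return True, "signature bound to Assertion; cryptographic check still required"


def _response(assertion_xml: str) -> str:
    """Wrap constructed assertion XML in a minimal samlp:Response."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        + assertion_xml + "</samlp:Response>"
    )


# Constructed samples: one with an enveloped signature, one with it removed.
SIGNED = _response(
    '<saml:Assertion ID="_a1"><saml:Issuer>idp.example</saml:Issuer>'
    '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
    '<ds:SignatureValue>constructed</ds:SignatureValue></ds:Signature>'
    '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
    '</saml:Assertion>'
)
UNSIGNED = _response(
    '<saml:Assertion ID="_a2"><saml:Issuer>idp.example</saml:Issuer>'
    '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
    '</saml:Assertion>'
)

if __name__ == "__main__":
    for name, doc in (("signed", SIGNED), ("unsigned", UNSIGNED)):
        print(name, check_assertion_signature(doc))
```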
- IMPALA-6323 - Impala now supports a constant in the window specifications.
- IMPALA-7960 - Impala now returns a correct result when comparing TIMESTAMP to a string literal in a binary predicate where the TIMESTAMP is cast to a VARCHAR of smaller length.
- IMPALA-7961 - Fixed an issue where queries running with the SYNC_DDL query option can fail when the Catalog Server is under a heavy load with concurrent catalog operations of long-running DDLs.
- IMPALA-8058 - Fixed cardinality estimates for HBase queries, which could sometimes yield hugely high numbers.
- IMPALA-8109 - Impala can now read gzip files larger than 2 GB.
- IMPALA-8212 - Fixed a race condition in the Kerberos authentication code.
- KITE-1185 - Make root temp directory path configurable in HiveAbstractDatasetRepository
- KUDU-1678 - Fixed a crash caused by a race condition between altering tablet schemas and deleting tablet replicas.
- KUDU-2195 - Now you can use the --cmeta_force_fsync flag to fsync Kudu's consensus metadata more aggressively. Setting this to true may decrease Kudu's performance, but will improve its durability in the face of power failures and forced shutdowns. The issue was much more likely to happen when Kudu was running on XFS.
- KUDU-2463 - Fixed an issue in which incorrect results would be occasionally returned in scans following a server restart.
- CDH-76920 - Fixed the issue where the Kudu CLI crashes when running the 'kudu cluster rebalance' sub-command on some platforms.
- OOZIE-3382 - Implement and backport: Optimize SshActionExecutor's drainBuffers method
- SENTRY-2205 - Improve Sentry NN Logging.
- SENTRY-2301 - Log where sentry stands in the snapshot fetching process, periodically
- SENTRY-2372 - SentryStore should not implement grantOptionCheck
- SENTRY-2419 - Log where sentry stands in the process of persisting the snapshot
- SENTRY-2427 - Port: Use Hadoop KerberosName class to derive shortName
- SENTRY-2428 - Skip null partitions or partitions with null sds entries
- SENTRY-2437 - Port: When granting privileges a single transaction per grant causes long delays
- SENTRY-2490 - Port: When building a full perm update for each object we only build 1 privilege per role
- SENTRY-2498 - Exception while deleting paths that don't exist
- SENTRY-2502 - Modified backport: Sentry NN plug-in stops fetching updates from sentry server.
- SENTRY-2511 - Debug level logging on HMSPaths significantly affects performance
Issues Fixed in CDH 5.16.1
CDH 5.16.1 fixes the following issues:
- CVE-2019-10099: Apache Spark local files left unencrypted
- CVE-2018-1296 Permissive Apache Hadoop HDFS listXAttr Authorization Exposes Extended Attribute Key/Value Pairs
- Apache Tomcat Vulnerability CVE-2018-11784
- Cloudera Search restore operation puts shard replicas on same host
- Missing authorization in Apache Impala may allow data injection
- Upstream Issues Fixed
CVE-2019-10099: Apache Spark local files left unencrypted
Certain operations in Spark leave local files unencrypted on disk, even when local file encryption is enabled with “spark.io.encryption.enabled”.
This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem) in the following cases:
- In SparkR when parallelize is used
- In Pyspark when broadcast and parallelize are used
- In Pyspark when Python UDFs are used
- CDS Powered by Apache Spark
- CDH 5.15.1 and earlier
- CDH 6.0.0
- CDS 2.1.0 release 1 and release 2
- CDS 2.2.0 release 1 and release 2
- CDS 2.3.0 release 3
Users affected: All users who run Spark on CDH and CDS in a multi-user environment.
Date/time of detection: July 2018
Severity (Low/Medium/High): 6.3 Medium (CVSS AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
Impact: Unencrypted data accessible.
Immediate action required: Upgrade to a version of CDH containing the fix.
Workaround: Do not use PySpark or the fetch-to-disk options.
- CDH 5.15.2
- CDH 5.16.0
- CDH 6.0.1
- CDS 2.1.0 release 3
- CDS 2.2.0 release 3
- CDS 2.3.0 release 4
CVE-2018-1296 Permissive Apache Hadoop HDFS listXAttr Authorization Exposes Extended Attribute Key/Value Pairs
HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.
Products affected: Apache HDFS
- CDH 5.4.0 - 5.15.1, 5.16.0
- CDH 6.0.0, 6.0.1, 6.1.0
Users affected: Users who store sensitive data in extended attributes, such as users of HDFS encryption.
Date/time of detection: December 12, 2017
Detected by: Rushabh Shah, Yahoo! Inc., Hadoop committer
Severity (Low/Medium/High): Medium
Impact: HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent. This affects features that store sensitive data in extended attributes.
- Upgrade: Update to a version of CDH containing the fix.
- Workaround: If a file contains sensitive data in extended attributes, users and admins need to change the permission to prevent others from listing the directory that contains the file.
- CDH 5.15.2, 5.16.1
- CDH 6.1.1, 6.2.0
Apache Tomcat Vulnerability CVE-2018-11784
Fixed a vulnerability in Apache Tomcat where specially-crafted URLs could be used to redirect to any given URI. CVE-2018-11784.
Cloudera Issue: CDH-73885
Cloudera Search restore operation puts shard replicas on same host
Restoring an Apache Solr collection sometimes places all shard replicas on the same host.
Cloudera Issue: CDH-68828
Missing authorization in Apache Impala may allow data injection
A malicious user who is authenticated with Kerberos may have unauthorized access to internal services used by Impala to transfer intermediate data during query execution. If details of a running query (e.g. query ID, query plan) are available, a user can craft some RPC requests with custom software to inject data into a running query or end query execution prematurely, leading to wrong results of the query.
Cloudera Issue: CDH-72373 / TSB-338
Upstream Issues Fixed
- HADOOP-13426 - Improved IPC performance.
- HADOOP-13483 - Fixed an issue where file-create overwrote directories instead of throwing error messages
- HADOOP-15473 - Configured the serialFilter in KeyProvider to avoid UnrecoverableKeyException caused by JDK-8189997
- HADOOP-15655 - Enhanced KMS client retry behavior. Previously, the KMS did not retry upon SocketTimeoutException.
- HDFS-8229 - Fixed an issue where the LAZY_PERSIST file gets deleted after NameNode restart.
- HDFS-10240 - Fixed a race between close and recoverLease that led to a missing block
- HDFS-12299 - Fixed a race between update pipeline and DN re-registration
- HDFS-13051 - Fixed a deadlock during async editlog rolling if the edit queue is full.
- HDFS-13322 - Fixed an issue where the UID persists when switching between ticket caches.
- HDFS-13486 - Fixed an issue where a faulty node can cause a lease leak and NPE on accessing data.
- HDFS-13601 - Optimized ByteString conversions in PBHelper.
- HDFS-13611 - Fixed an issue where text was used as a ConcurrentHashMap key in PBHelperClient.
- HDFS-13813 - Added a check to see if a child inode exists in the global FSDirectory directory when saving (serializing) INodeDirectorySection.
- MAPREDUCE-7053 - Fixed an issue where timed-out tasks can fail to produce a thread dump
- YARN-6966 - Fixed an issue where NodeManager metrics may return wrong negative values when the NodeManager restarts.
- YARN-6967 - Fixed an issue where the limit for diagnostic message size was not honored
- YARN-8436 - Fixed an issue where the ResourceManager can fail while sorting queues if an update comes in
- HBASE-15232 - Handle region location cache mgmt in AsyncProcess for multi()'s
- HBASE-15390 - Unnecessary MetaCache evictions cause elevated number of requests to meta
- HBASE-18891 - Upgrade to netty-all 4.0.50.Final
- HBASE-19924 - hbase rpc throttling does not work for multi() with request count rater.
- HBASE-20493 - Port HBASE-19994 (Create a new class for RPC throttling exception, make it retryable) to branch-1
- HBASE-20651 - Master, prevents hbck or shell command to reassign the split parent region
- HBASE-20723 - Custom hbase.wal.dir results in data loss because we write recovered edits into a different place than where the recovering region server looks for them
- HBASE-20997 - rebuildUserRegions() does not build ReplicaMapping during master switchover
Code Changes Should Not Be Required
The following fixes should not require code changes, but they contain improvements that might enhance your deployment:
- HIVE-6980 - Drop table by using direct sql
- HIVE-10296 - Cast exception observed when hive runs a multi join query on metastore (postgres), since postgres pushes the filter into the join, and ignores the condition before applying cast
- HIVE-12981 - ThriftCLIService uses incompatible getShortName() implementation
- HIVE-15237 - Propagate Spark job failure to Hive
- HIVE-15860 - RemoteSparkJobMonitor may hang when RemoteDriver exits abnormally
- HIVE-16483 - HoS should populate split related configurations to HiveConf
- HIVE-17213 - HoS file merging doesn't work for union all
- HIVE-18031 - Support replication for Alter Database operation
- HIVE-18283 - Better error message and error code for HoS exceptions
- HIVE-18765 - SparkClientImpl swallows exception messages from the RemoteDriver
- HIVE-18916 - SparkClientImpl doesn't error out if spark-submit fails
- HIVE-19259 - Create view on tables having union all fail with 'Table not found'
- HIVE-19310 - Metastore: MetaStoreDirectSql.ensureDbInit has some slow DN calls which might need to be run only in test env
- HIVE-19371 - Add table ownerType to HMS thrift API
- HIVE-19372 - Add table ownerType to JDO/SQL and ObjectStore
- HIVE-19374 - Parse and process ALTER TABLE SET OWNER command syntax
- HIVE-19605 - TAB_COL_STATS table has no index on db/table name
- HIVE-19668 - Over 30% of the heap wasted by duplicate org.antlr.runtime.CommonToken's and duplicate strings
- HIVE-19783 - Retrieve only locations in HiveMetaStore.dropPartitionsAndGetLocations
- HIVE-20183 - Inserting from bucketed table can cause data loss, if the source table contains empty bucket
- HIVE-20345 - Drop database may hang if the tables get deleted from a different call
- HUE-8118 - [core] Fine grain tracking of the memory usage
- HUE-8118 - [core] The duration of the request is always shown even when instrumentation flag is off
- HUE-8128 - [backend] Force debug logging in server logs does not get all debug
- HUE-8162 - [core] Add delete operation to the right document assist
- HUE-8177 - [oozie] Add a config check for /user/hue/oozie/workspaces
- HUE-8377 - [security] Support new Sentry finer grain privileges
- HUE-8377 - [security] Correctly apply the new permissions to the database scope
- HUE-8451 - [notebook] Many "codec can't decode byte" errors on pig execution if browser language=jp
- HUE-8464 - [core] Fix SAML encryption missing key file passphrase
- HUE-8467 - [jobbrowser] Support impala digest auth for queries
- HUE-8475 - [report] Protect against pivot conflicting with nested facets
- HUE-8476 - [frontend] Fix jQuery Hive autocomplete column mapping
- HUE-8487 - [useradmin] Fix Add Sync LDAP user fails when using DN with special character
- HUE-8505 - [core] Close impala session on logout
- HUE-8519 - [jb] Impala API can now directly return json
- HUE-8558 - [jb] Add tracking URL to Spark Jobs and remove url and killUrl
- HUE-8564 - [useradmin] Fix last activity update for jobbrowser/api/jobs requests
- HUE-8564 - [useradmin] Fix last activity update for notebook/api/check_status
- HUE-8571 - [sentry] navigator_api ERROR for PRIVILEGE_HIERARCHY[hierarchy[server][SENTRY_PRIVILEGE_KEY]['action']]
- HUE-8602 - [sentry] Remove ALTER and DROP in the Hive section
- IMPALA-6086 - Require the SELECT privilege on the database for built-in function calls.
- IMPALA-6451 - Fixed the AuthorizationException in CTAS for Kudu tables.
- IMPALA-6479 - DESCRIBE now respects column level privileges and only shows the columns that the user has the privilege to view.
- IMPALA-6571 - Fixed the NullPointerException in SHOW CREATE TABLE for HBase tables.
- IMPALA-7225 - REFRESH..PARTITION no longer resets the number of rows in a partition.
- IMPALA-7272 - Fixed the crash in StringMinMaxFilter.
- IMPALA-7360 - Fixed an issue where Avro scanner sometimes skipped blocks when skip marker was on HDFS block boundary.
- IMPALA-7419 - Fixed the NullPointerException in SimplifyConditionalsRule.
- IMPALA-7483 - impalad/catalogd are now aborted on a JVM deadlock.
- IMPALA-7520 - Fixed the NullPointerException in SentryProxy.
- KUDU-2260 - Fixed a rare issue where system failure could leave unexpected null bytes at the end of metadata files, causing Kudu to be unable to restart.
- KUDU-2364 - Fixed an issue where, when a tablet server was wiped and recreated with the same RPC address, ksck listed it twice, both as healthy, even though only one of them existed.
- KUDU-2412 - The kudu-python client can now compile in environments where __int128 is not supported. This was most commonly el6 environments.
- KUDU-2509 - Fixed an issue that might result in a crash of a tablet server in case of a WAL replay error while bootstrapping a tablet.
- KUDU-2580 - Fixed authentication token reacquisition in the C++ client.
- Fixed an issue that caused the kudu CLI tool to unexpectedly exit when the connection to the master or tserver was abruptly closed.
- SENTRY-1272 - Enable ALTERVIEW_RENAME and ALTERVIEW_AS operation in hive binding
- SENTRY-2194 - Upgrade Sentry hadoop-version dependency to 2.7.5
- SENTRY-2210 - AUTHZ_PATH should have index on the foreign key AUTHZ_OBJ_ID
- SENTRY-2214 - Sentry should not allow URI grants to EMPTY or NULL locations
- SENTRY-2219 - Create index AUTHZ_PATH_FK_IDX at table AUTHZ_PATH only when it does not exist for Oracle
- SENTRY-2238 - Explicitly set Database on SentryHivePrivilegeObjectDesc
- SENTRY-2299 - NPE In Sentry HDFS Sync Plugin
- SENTRY-2310 - Sentry is not able to fetch a full update subsequently when there is an HMS restart during the snapshot process.
- SENTRY-2332 - Load hadoop default configuration when starting sentry service
- SENTRY-2333 - Create index AUTHZ_PATH_FK_IDX at table AUTHZ_PATH for Postgres only when it does not exist
- SENTRY-2403 - Incorrect naming in RollingFileWithoutDeleteAppender
- SENTRY-2406 - Make sure inputHierarchy and outputHierarchy have unique values