[jira] [Updated] (KAFKA-14324) [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1

2023-01-25 Thread Bruno Cadonna (Jira)


[ https://issues.apache.org/jira/browse/KAFKA-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bruno Cadonna updated KAFKA-14324:
--
Fix Version/s: 3.2.4, 3.1.3, 3.0.3, 3.3.2

> [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1
> --
>
> Key: KAFKA-14324
> URL: https://issues.apache.org/jira/browse/KAFKA-14324
> Project: Kafka
> Issue Type: Bug
> Components: streams
> Affects Versions: 3.1.2, 3.2.3, 3.3.1
> Reporter: VZhang
> Assignee: Christo Lolov
> Priority: Critical
> Fix For: 3.4.0, 3.3.2, 3.2.4, 3.1.3, 3.0.3
>
> Attachments: 6.29.4.1_to_7.1.2_compat_report.html, 
> 6.29.4.1_to_7.7.3_compat_report.html
>
>
> Hi, Team
> There is an old CVE introduced by rocksdbjni-6.29.4.1, which has already been 
> fixed by 
> [https://github.com/facebook/rocksdb/commit/5dbdb197f19644d3f53f75781a3ef56e4387134b]
> [https://nvd.nist.gov/vuln/detail/cve-2018-25032]
> *Current Description:* 
> zlib before 1.2.12 allows memory corruption when deflating (i.e., when 
> compressing) if the input has many distant matches.
> CVE-2018-25032 - CVSS Score: *7.5* (v3.0) (zlib-1.2.11)
> Please help to upgrade rocksdb.
> Thanks



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Updated] (KAFKA-14324) [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1

2022-10-26 Thread VZhang (Jira)


[ https://issues.apache.org/jira/browse/KAFKA-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

VZhang updated KAFKA-14324:
---
Attachment: 6.29.4.1_to_7.7.3_compat_report.html

> [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1
> --
>
> Key: KAFKA-14324
> URL: https://issues.apache.org/jira/browse/KAFKA-14324
> Project: Kafka
> Issue Type: Bug
> Components: streams
> Affects Versions: 3.1.2, 3.2.3, 3.3.1
> Reporter: VZhang
> Priority: Critical
> Fix For: 3.4.0
>
> Attachments: 6.29.4.1_to_7.1.2_compat_report.html, 
> 6.29.4.1_to_7.7.3_compat_report.html


[jira] [Updated] (KAFKA-14324) [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1

2022-10-26 Thread VZhang (Jira)


[ https://issues.apache.org/jira/browse/KAFKA-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

VZhang updated KAFKA-14324:
---
Attachment: 6.29.4.1_to_7.1.2_compat_report.html

> [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1
> --
>
> Key: KAFKA-14324
> URL: https://issues.apache.org/jira/browse/KAFKA-14324
> Project: Kafka
> Issue Type: Bug
> Components: streams
> Affects Versions: 3.1.2, 3.2.3, 3.3.1
> Reporter: VZhang
> Priority: Critical
> Fix For: 3.4.0
>
> Attachments: 6.29.4.1_to_7.1.2_compat_report.html, 
> 6.29.4.1_to_7.7.3_compat_report.html


[jira] [Updated] (KAFKA-14324) [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1

2022-10-20 Thread A. Sophie Blee-Goldman (Jira)


[ https://issues.apache.org/jira/browse/KAFKA-14324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

A. Sophie Blee-Goldman updated KAFKA-14324:
---
Fix Version/s: 3.4.0

> [CVE-2018-25032] introduced by rocksdbjni:6.29.4.1
> --
>
> Key: KAFKA-14324
> URL: https://issues.apache.org/jira/browse/KAFKA-14324
> Project: Kafka
> Issue Type: Bug
> Components: streams
> Affects Versions: 3.1.2, 3.2.3, 3.3.1
> Reporter: VZhang
> Priority: Critical
> Fix For: 3.4.0