Progress DataDirect for ODBC for Apache Spark SQL Wire Protocol Driver
An asterisk (*) indicates support that was added in a hotfix or software patch subsequent to a release.
The drivers have been updated with OpenSSL library version 1.0.2h, which addresses the following security vulnerabilities*:
- "Padding oracle in AES-NI CBC MAC check" (CVE-2016-2107)
- "EVP_EncodeUpdate overflow" (CVE-2016-2105)
- "EVP_EncryptUpdate overflow" (CVE-2016-2106)
- "ASN.1 BIO excessive memory allocation" (CVE-2016-2109)
- "EBCDIC overread" (CVE-2016-2176)
Version 1.0.2h also addresses the following vulnerabilities resolved by earlier versions of the library.
Originally resolved by the version 1.0.2g upgrade:
- "missing Memory allocation success checks in doapr_outch function in
- "Cross‐protocol attack on TLS using SSLv2 (DROWN)" (CVE‐2016‐0800)
- "memory issues in BIO_*printf functions" (CVE‐2016‐0799)
- "Memory leak in SRP database lookups" (CVE‐2016‐0798)
- "Double‐free in DSA code" (CVE‐2016‐0705)
- "Side channel attack on modular exponentiation" (CVE-2016-0702)
Originally resolved by the version 1.0.2.f upgrade:
For more information on the OpenSSL vulnerabilities resolved by this upgrade,
refer to the corresponding OpenSSL announcements at
- Provides stronger cryptographic assurance against the "Logjam" vulnerability (CVE‐2015‐4000)
- "DH small subgroups" (CVE‐2016‐0701)
- "SSLv2 doesn't block disabled ciphers" (CVE‐2015‐3197)
- "BN_mod_exp may produce incorrect results on x86_64" (CVE‐2015‐3193)
- "Certificate verify crash with missing PSS parameter"(CVE‐2015‐3194)
- "X509_ATTRIBUTE memory leak" (CVE‐2015‐3195)
- The default OpenSSL library version has been updated to 1.0.2g.*
- The default OpenSSL library version has been updated to 1.0.2f.
- Certified with Spark SQL 1.4.x and 1.5.x
- The driver has been enhanced to support the Decimal and Varchar data types.
- The new Min Long Varchar Size connection option allows you to fetch SQL_LONGVARCHAR columns whose size is smaller than the minimum imposed by some third-party applications, such as SQL Server Linked Server.
- The new Varchar Threshold connection option allows you to fetch columns that would otherwise exceed the upper limit of the SQL_VARCHAR type for some third-party applications, such as SQL Server Linked Server.
- Support for Apache Spark SQL 1.2.x and 1.3.x.
- DataDirect Wire Protocol technology for improved response time and throughput.
- Support for all ODBC Core and Level 1 functions.
- Support for core SQL-92 grammar.
- Advanced security features, including:
- Kerberos authentication
- Data encryption