You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Sean R. Owen (Jira)" <ji...@apache.org> on 2022/08/31 17:43:00 UTC

[jira] [Resolved] (SPARK-40126) Security scanning spark v3.3.0 docker image results in DSA-5169-1 critical vulnerability

     [ https://issues.apache.org/jira/browse/SPARK-40126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sean R. Owen resolved SPARK-40126.
----------------------------------
    Resolution: Invalid

> Security scanning spark v3.3.0 docker image results in DSA-5169-1 critical vulnerability
> ----------------------------------------------------------------------------------------
>
>                 Key: SPARK-40126
>                 URL: https://issues.apache.org/jira/browse/SPARK-40126
>             Project: Spark
>          Issue Type: Dependency upgrade
>          Components: Build
>    Affects Versions: 3.3.0
>            Reporter: Jason Tan
>            Priority: Major
>
> Dear Spark Team,
> Whilst security scanning the docker image: docker.io/apache/spark:v3.3.0, I discovered the following vulnerability/scan results within the image :
>       Type:            VULNERABILITY
>       Name:            DSA-5169-1
>       CVSS Score v3:   9.8
>       Severity:        critical
> The advice from [https://www.debian.org/security/2022/dsa-5169] suggests to upgrade the version of openssl to 1.1.1n-0+deb11u3
> Steps to reproduce:
> Install trivy [https://aquasecurity.github.io/trivy/v0.18.3/installation/]
> trivy image docker.io/apache/spark:v3.3.0



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org