You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Sean R. Owen (Jira)" <ji...@apache.org> on 2022/08/31 17:43:00 UTC
[jira] [Commented] (SPARK-40126) Security scanning spark v3.3.0 docker image results in DSA-5169-1 critical vulnerability
[ https://issues.apache.org/jira/browse/SPARK-40126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17598534#comment-17598534 ]
Sean R. Owen commented on SPARK-40126:
--------------------------------------
This isn't part of Spark. You're looking at some convenience distribution in a Docker image
> Security scanning spark v3.3.0 docker image results in DSA-5169-1 critical vulnerability
> ----------------------------------------------------------------------------------------
>
> Key: SPARK-40126
> URL: https://issues.apache.org/jira/browse/SPARK-40126
> Project: Spark
> Issue Type: Dependency upgrade
> Components: Build
> Affects Versions: 3.3.0
> Reporter: Jason Tan
> Priority: Major
>
> Dear Spark Team,
> Whilst security scanning the docker image: docker.io/apache/spark:v3.3.0, I discovered the following vulnerability/scan results within the image :
> Type: VULNERABILITY
> Name: DSA-5169-1
> CVSS Score v3: 9.8
> Severity: critical
> The advice from [https://www.debian.org/security/2022/dsa-5169] suggests to upgrade the version of openssl to 1.1.1n-0+deb11u3
> Steps to reproduce:
> Install trivy [https://aquasecurity.github.io/trivy/v0.18.3/installation/]
> trivy image docker.io/apache/spark:v3.3.0
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org