You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Jason Tan (Jira)" <ji...@apache.org> on 2022/08/17 15:59:00 UTC

[jira] [Updated] (SPARK-40126) Security scanning spark v3.3.0 docker image results in DSA-5169-1 critical vulnerability

     [ https://issues.apache.org/jira/browse/SPARK-40126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Tan updated SPARK-40126:
------------------------------
    Summary: Security scanning spark v3.3.0 docker image results in DSA-5169-1 critical vulnerability  (was: Security scanning spark v3.3.0 results in DSA-5169-1 critical vulnerability)

> Security scanning spark v3.3.0 docker image results in DSA-5169-1 critical vulnerability
> ----------------------------------------------------------------------------------------
>
>                 Key: SPARK-40126
>                 URL: https://issues.apache.org/jira/browse/SPARK-40126
>             Project: Spark
>          Issue Type: Dependency upgrade
>          Components: Build
>    Affects Versions: 3.3.0
>            Reporter: Jason Tan
>            Priority: Major
>
> Dear Spark Team,
> Whilst security scanning the docker image: docker.io/apache/spark:v3.3.0, I discovered the following vulnerability/scan results within the image :
>       Type:            VULNERABILITY
>       Name:            DSA-5169-1
>       CVSS Score v3:   9.8
>       Severity:        critical
> The advice from [https://www.debian.org/security/2022/dsa-5169] suggests to upgrade the version of openssl to 1.1.1n-0+deb11u3



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org