You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Jason Tan (Jira)" <ji...@apache.org> on 2022/08/17 15:59:00 UTC
[jira] [Updated] (SPARK-40126) Security scanning spark v3.3.0 docker image results in DSA-5169-1 critical vulnerability
[ https://issues.apache.org/jira/browse/SPARK-40126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Tan updated SPARK-40126:
------------------------------
Summary: Security scanning spark v3.3.0 docker image results in DSA-5169-1 critical vulnerability (was: Security scanning spark v3.3.0 results in DSA-5169-1 critical vulnerability)
> Security scanning spark v3.3.0 docker image results in DSA-5169-1 critical vulnerability
> ----------------------------------------------------------------------------------------
>
> Key: SPARK-40126
> URL: https://issues.apache.org/jira/browse/SPARK-40126
> Project: Spark
> Issue Type: Dependency upgrade
> Components: Build
> Affects Versions: 3.3.0
> Reporter: Jason Tan
> Priority: Major
>
> Dear Spark Team,
> Whilst security scanning the docker image: docker.io/apache/spark:v3.3.0, I discovered the following vulnerability/scan results within the image :
> Type: VULNERABILITY
> Name: DSA-5169-1
> CVSS Score v3: 9.8
> Severity: critical
> The advice from [https://www.debian.org/security/2022/dsa-5169] suggests to upgrade the version of openssl to 1.1.1n-0+deb11u3
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org