You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@datalab.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/03/15 09:40:00 UTC

[jira] [Updated] (DATALAB-2733) [GCP] Error during Dataproc cluster creation "Selected software image version is vulnerable to remote code execution"

     [ https://issues.apache.org/jira/browse/DATALAB-2733?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ASF GitHub Bot updated DATALAB-2733:
------------------------------------
    Labels: Debian DevOps GCP RedHat pull-request-available  (was: Debian DevOps GCP RedHat)

> [GCP] Error during Dataproc cluster creation "Selected software image version is vulnerable to remote code execution"
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: DATALAB-2733
>                 URL: https://issues.apache.org/jira/browse/DATALAB-2733
>             Project: Apache DataLab
>          Issue Type: Bug
>      Security Level: Public(Regular Issues) 
>    Affects Versions: v.2.5.2
>            Reporter: Ruslan Kulynych
>            Assignee: Leonid Frolov
>            Priority: Major
>              Labels: Debian, DevOps, GCP, RedHat, pull-request-available
>             Fix For: v.2.5.2
>
>         Attachments: gcp_dataproc_error_version.PNG
>
>
> *Preconditions:*
>  # Jupyter notebook is in running status
> *Steps to reproduce:*
>  # Create Dataproc cluster
> *Actual result:*
>  # Dataproc cluster creation error
> {code:java}
> "Selected software image version 2.0.0-RC22-ubuntu18 is vulnerable to remote code execution due to a log4j vulnerability (CVE-2021-44228) and cannot be used to create new clusters. Please upgrade to image versions >=1.3.95, >=1.4.77, >=1.5.53, or >=2.0.27. For more information, see https://cloud.google.com/dataproc/docs/guides/recreate-cluster". Details: "Selected software image version 2.0.0-RC22-ubuntu18 is vulnerable to remote code execution due to a log4j vulnerability (CVE-2021-44228) and cannot be used to create new clusters. Please upgrade to image versions >=1.3.95, >=1.4.77, >=1.5.53, or >=2.0.27."> {code}
> *Expected result:*
>  # Dataproc cluster creation is successful



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@datalab.apache.org
For additional commands, e-mail: dev-help@datalab.apache.org