Apache Spark Multiple Vulnerabilities

Hi, recently we encountered the following vulnerability in a Qualys scan. We are using CDH 5.16. Any thoughts on how to mitigate? We cannot upgrade to CDH 6.x at this time.

Apache Spark Multiple Vulnerabilities
QID: 371071
Category: Local
CVE ID: CVE-2018-8024, CVE-2018-1334
Vendor Reference: Apache Spark 1, Apache Spark 2
Bugtraq ID: -
CVSS Base: 4.9
CVSS Temporal: 3.6
CVSS3 Base: 5.4
CVSS3 Temporal: 4.7
Service Modified: 03/02/2019
User Modified: -
Edited: No
PCI Vuln: Yes
SOLUTION:
The vendor has released patches. For more information please visit here (https://lists.apache.org/thread.html/5f241d2cda21cbcb3b63e46e474cf5f50cce66927f08399f4fab0aba@%3Cdev.spark.apache.org%3E) and here (https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E)
Patches can be downloaded from Apache Spark download page (https://spark.apache.org/downloads.html).
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Apache Spark CVE-2018-8024 (https://lists.apache.org/thread.html/5f241d2cda21cbcb3b63e46e474cf5f50cce66927f08399f4fab0aba@%3Cdev.spark.apache.org%3E)
Apache Spark CVE-2018-1334 (https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E)