Hi, recently we encountered the following vulnerability in a Qualys scan. We are using CDH 5.16. Any thoughts on how to mitigate? We cannot upgrade to CDH 6.x at this time.

Apache Spark Multiple Vulnerabilities

QID: 371071
Category: Local
CVE ID: CVE-2018-8024, CVE-2018-1334
Vendor Reference: Apache Spark 1, Apache Spark 2
Bugtraq ID: -
Service Modified: 03/02/2019
User Modified: -
Edited: No
PCI Vuln: Yes
CVSS Base: 4.9
CVSS Temporal: 3.6
CVSS3 Base: 5.4
CVSS3 Temporal: 4.7

SOLUTION:
The vendor has released patches. For more information please visit here (https://lists.apache.org/thread.html/5f241d2cda21cbcb3b63e46e474cf5f50cce66927f08399f4fab0aba@%3Cdev.spark.apache.org%3E) and here (https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E)
Patches can be downloaded from Apache Spark download page (https://spark.apache.org/downloads.html).

Patch:
Following are links for downloading patches to fix the vulnerabilities:
Apache Spark CVE-2018-8024 (https://lists.apache.org/thread.html/5f241d2cda21cbcb3b63e46e474cf5f50cce66927f08399f4fab0aba@%3Cdev.spark.apache.org%3E)
Apache Spark CVE-2018-1334 (https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E)