[
https://issues.apache.org/jira/browse/SPARK-28938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16945826#comment-16945826
]
Rodney Aaron Stainback edited comment on SPARK-28938 at 10/7/19 12:07 PM:
--------------------------------------------------------------------------
Image ID CVE Package Version Severity Status CVSS
----- -- --- ------- ------- -------- ------ ----
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-3720
com.fasterxml.jackson.core_jackson-core 2.6.7 critical 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-19361
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.8 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-19360
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.8 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-7489
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.5,
2.8.11.1, 2.7.9.3 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-15718
org.apache.hadoop_hadoop-hdfs 2.7.3 critical 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-14721
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.7 10
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-14718
com.fasterxml.jackson.core_jackson-databind 2.4.0 critical fixed in 2.9.7 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-15095
com.fasterxml.jackson.core_jackson-databind 2.4.0 critical fixed in 2.9.1,
2.8.10 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-7489
com.fasterxml.jackson.core_jackson-databind 2.4.0 critical fixed in 2.9.5,
2.8.11.1, 2.7.9.3 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-14720
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.7 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-3720
com.fasterxml.jackson.core_jackson-core 2.4.0 critical 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-14719
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.7 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-14718
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.7 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-15095
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.1,
2.8.10 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-19362
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.8 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-7051
com.fasterxml.jackson.core_jackson-core 2.6.7 high fixed in 2.8.4, 2.7.8 8.6
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-8012
org.apache.zookeeper_zookeeper 3.4.6 high fixed in 3.4.10 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-5968
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 high fixed in 2.7.9.5 8.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-7051
com.fasterxml.jackson.core_jackson-core 2.4.0 high fixed in 2.8.4, 2.7.8 8.6
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-5017
org.apache.zookeeper_zookeeper 3.4.6 high fixed in 3.5.3, 3.4.9 8.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-16335
com.fasterxml.jackson.core_jackson-databind 2.4.0 high fixed in 2.9.10 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-14540
com.fasterxml.jackson.core_jackson-databind 2.4.0 high fixed in 2.9.10 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-5637
org.apache.zookeeper_zookeeper 3.4.6 high 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-9735
org.eclipse.jetty_jetty-io 9.3.24.v20180605 high 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-6811
org.apache.hadoop_hadoop-hdfs 2.7.3 high fixed in 2.7.4 8.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-5968
com.fasterxml.jackson.core_jackson-databind 2.4.0 high fixed in 2.7.9.5 8.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-15847 gcc 8.3.0-r0
high 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-16335
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 high fixed in 2.9.10 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-14540
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 high fixed in 2.9.10 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-3166
org.apache.hadoop_hadoop-hdfs 2.7.3 high 7.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-1296
org.apache.hadoop_hadoop-hdfs 2.7.3 high 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-8029
org.apache.hadoop_hadoop-hdfs 2.7.3 high 8.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-10086
commons-beanutils_commons-beanutils 1.9.3 high 7.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-10237
com.google.guava_guava 11.0.2 medium fixed in 24.1.1 5.9
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-1000873
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 medium fixed in 2.9.8 6.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-1000873
com.fasterxml.jackson.core_jackson-databind 2.4.0 medium fixed in 2.9.8 6.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-10241
org.eclipse.jetty_jetty-io 9.3.24.v20180605 medium 6.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-15133 giflib
5.1.4-r2 medium fixed in 5.1.9-r0 6.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-0201
org.apache.zookeeper_zookeeper 3.4.6 medium 5.9
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-16168 sqlite
3.28.0-r0 medium 5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-1563 openssl
1.1.1b-r1 medium 4.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2745 java
1.8.0_212 medium 5.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2762 java
1.8.0_212 medium 5.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-15713
org.apache.hadoop_hadoop-hdfs 2.7.3 medium fixed in 2.8.3, 2.7.5 6.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-1549 openssl
1.1.1b-r1 medium 5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-10237
com.google.guava_guava 14.0.1 medium fixed in 24.1.1 5.9
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2816 java
1.8.0_212 medium 4.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2816 java
1.8.0_212 medium 4.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2769 java
1.8.0_212 medium 5.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2745 java
1.8.0_212 medium 5.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2762 java
1.8.0_212 medium 5.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2769 java
1.8.0_212 medium 5.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2786 java
1.8.0_212 low 3.4
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2842 java
1.8.0_212 low 3.7
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2842 java
1.8.0_212 low 3.7
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2786 java
1.8.0_212 low 3.4
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-1552 openssl
1.1.1b-r1 low 3.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-1547 openssl
1.1.1b-r1 low 1.9
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2766 java
1.8.0_212 low 3.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2766 java
1.8.0_212 low 3.1
was (Author: acehack):
List of CVEs
mage ID CVE Package Version Severity Status CVSS
----- -- --- ------- ------- -------- ------ ----
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-3720
com.fasterxml.jackson.core_jackson-core 2.6.7 critical 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-19361
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.8 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-19360
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.8 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-7489
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.5,
2.8.11.1, 2.7.9.3 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-15718
org.apache.hadoop_hadoop-hdfs 2.7.3 critical 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-14721
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.7 10
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-14718
com.fasterxml.jackson.core_jackson-databind 2.4.0 critical fixed in 2.9.7 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-15095
com.fasterxml.jackson.core_jackson-databind 2.4.0 critical fixed in 2.9.1,
2.8.10 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-7489
com.fasterxml.jackson.core_jackson-databind 2.4.0 critical fixed in 2.9.5,
2.8.11.1, 2.7.9.3 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-14720
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.7 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-3720
com.fasterxml.jackson.core_jackson-core 2.4.0 critical 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-14719
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.7 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-14718
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.7 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-15095
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.1,
2.8.10 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-19362
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 critical fixed in 2.9.8 9.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-7051
com.fasterxml.jackson.core_jackson-core 2.6.7 high fixed in 2.8.4, 2.7.8 8.6
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-8012
org.apache.zookeeper_zookeeper 3.4.6 high fixed in 3.4.10 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-5968
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 high fixed in 2.7.9.5 8.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-7051
com.fasterxml.jackson.core_jackson-core 2.4.0 high fixed in 2.8.4, 2.7.8 8.6
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-5017
org.apache.zookeeper_zookeeper 3.4.6 high fixed in 3.5.3, 3.4.9 8.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-16335
com.fasterxml.jackson.core_jackson-databind 2.4.0 high fixed in 2.9.10 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-14540
com.fasterxml.jackson.core_jackson-databind 2.4.0 high fixed in 2.9.10 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-5637
org.apache.zookeeper_zookeeper 3.4.6 high 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-9735
org.eclipse.jetty_jetty-io 9.3.24.v20180605 high 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2016-6811
org.apache.hadoop_hadoop-hdfs 2.7.3 high fixed in 2.7.4 8.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-5968
com.fasterxml.jackson.core_jackson-databind 2.4.0 high fixed in 2.7.9.5 8.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-15847 gcc 8.3.0-r0
high 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-16335
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 high fixed in 2.9.10 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-14540
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 high fixed in 2.9.10 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-3166
org.apache.hadoop_hadoop-hdfs 2.7.3 high 7.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-1296
org.apache.hadoop_hadoop-hdfs 2.7.3 high 7.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-8029
org.apache.hadoop_hadoop-hdfs 2.7.3 high 8.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-10086
commons-beanutils_commons-beanutils 1.9.3 high 7.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-10237
com.google.guava_guava 11.0.2 medium fixed in 24.1.1 5.9
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-1000873
com.fasterxml.jackson.core_jackson-databind 2.6.7.1 medium fixed in 2.9.8 6.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-1000873
com.fasterxml.jackson.core_jackson-databind 2.4.0 medium fixed in 2.9.8 6.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-10241
org.eclipse.jetty_jetty-io 9.3.24.v20180605 medium 6.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-15133 giflib
5.1.4-r2 medium fixed in 5.1.9-r0 6.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-0201
org.apache.zookeeper_zookeeper 3.4.6 medium 5.9
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-16168 sqlite
3.28.0-r0 medium 5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-1563 openssl
1.1.1b-r1 medium 4.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2745 java
1.8.0_212 medium 5.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2762 java
1.8.0_212 medium 5.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2017-15713
org.apache.hadoop_hadoop-hdfs 2.7.3 medium fixed in 2.8.3, 2.7.5 6.5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-1549 openssl
1.1.1b-r1 medium 5
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2018-10237
com.google.guava_guava 14.0.1 medium fixed in 24.1.1 5.9
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2816 java
1.8.0_212 medium 4.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2816 java
1.8.0_212 medium 4.8
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2769 java
1.8.0_212 medium 5.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2745 java
1.8.0_212 medium 5.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2762 java
1.8.0_212 medium 5.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2769 java
1.8.0_212 medium 5.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2786 java
1.8.0_212 low 3.4
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2842 java
1.8.0_212 low 3.7
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2842 java
1.8.0_212 low 3.7
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2786 java
1.8.0_212 low 3.4
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-1552 openssl
1.1.1b-r1 low 3.3
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-1547 openssl
1.1.1b-r1 low 1.9
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2766 java
1.8.0_212 low 3.1
gcr.io/spark-operator/spark:v2.4.4 4822c688a8493e9c CVE-2019-2766 java
1.8.0_212 low 3.1
> Kubernetes using unsupported docker image
> -----------------------------------------
>
> Key: SPARK-28938
> URL: https://issues.apache.org/jira/browse/SPARK-28938
> Project: Spark
> Issue Type: Improvement
> Components: Kubernetes
> Affects Versions: 3.0.0
> Environment: Kubernetes
> Reporter: Rodney Aaron Stainback
> Priority: Minor
>
> The current docker image used by Kubernetes
> {code:java}
> openjdk:8-alpine{code}
> is not supported
> [https://github.com/docker-library/docs/blob/master/openjdk/README.md#supported-tags-and-respective-dockerfile-links]
> It was removed with this commit
> [https://github.com/docker-library/openjdk/commit/3eb0351b208d739fac35345c85e3c6237c2114ec#diff-f95ffa3d1377774732c33f7b8368e099]
> Quote from commit "4. no more OpenJDK 8 Alpine images (Alpine/musl is not
> officially supported by the OpenJDK project, so this reflects that -- see
> "Project Portola" for the Alpine porting efforts which I understand are still
> in need of help)"
>
> Please move to a supported image for Kubernetes
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
