[jira] [Created] (SPARK-40126) Security scanning spark v3.3.0 results in DSA-5169-1 critical vulnerability

Jason Tan (Jira) Wed, 17 Aug 2022 08:58:06 -0700

Jason Tan created SPARK-40126:
---------------------------------

             Summary: Security scanning spark v3.3.0 results in DSA-5169-1 
critical vulnerability
                 Key: SPARK-40126
                 URL: https://issues.apache.org/jira/browse/SPARK-40126
             Project: Spark
          Issue Type: Dependency upgrade
          Components: Build
    Affects Versions: 3.3.0
            Reporter: Jason Tan



Dear Spark Team,

Whilst security scanning the docker image: docker.io/apache/spark:v3.3.0, I 
discovered the following vulnerability/scan results within the image :



      Type:            VULNERABILITY

      Name:            DSA-5169-1

      CVSS Score v3:   9.8

      Severity:        critical

The advice from [https://www.debian.org/security/2022/dsa-5169] suggests to 
upgrade the version of openssl to 1.1.1n-0+deb11u3



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

[jira] [Created] (SPARK-40126) Security scanning spark v3.3.0 results in DSA-5169-1 critical vulnerability

Reply via email to