Source: Apache Spark official website
Published: 2019-03-26
Update title
CVE-2019-10099: Apache Spark unencrypted data on local disk
Update details
Severity: Important
Vendor: The Apache Software Foundation
Versions affected:
All Spark 1.x, Spark 2.0.x, Spark 2.1.x, and 2.2.x versions
Spark 2.3.0 to 2.3.2
Description:
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in PySpark, using broadcast and parallelize; and use of Python UDFs.
Mitigation:
1.x, 2.0.x, 2.1.x, 2.2.x, 2.3.x users should upgrade to 2.3.3 or newer, including 2.4.x
Credit:
This issue was reported by Thomas Graves of NVIDIA.
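An added example, not part of the Apache advisory: a Python check an operator could run against a cluster's Spark version string and spark-defaults.conf contents to see whether the advisory applies. The function names, status strings and sample configuration are assumptions made for illustration, and vendor builds that backport the fix are not recognised.

```python
import re

# Constructed sample spark-defaults.conf, for illustration only.
SAMPLE_CONF = """\
# constructed example
spark.master                     yarn
spark.io.encryption.enabled      true
spark.maxRemoteBlockSizeFetchToMem=200m
"""

def parse_version(version):
    """Return (major, minor, patch) from '2.3.2', '2.4' or '2.3.2-SNAPSHOT'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Spark version: {version!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def is_affected(version):
    """True when the version is in the ranges the advisory lists."""
    major, minor, patch = parse_version(version)
    if major == 1:
        return True                      # all Spark 1.x
    if major == 2:
        # 2.0.x, 2.1.x, 2.2.x, and 2.3.0 to 2.3.2
        return minor <= 2 or (minor == 3 and patch <= 2)
    return False                         # not listed in the advisory

def parse_conf(text):
    """Parse 'key value' or 'key=value' lines; '#' starts a comment line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2:
            conf[parts[0]] = parts[1].strip()
    return conf

def audit(version, conf_text):
    """Classify a deployment (hypothetical status strings)."""
    conf = parse_conf(conf_text)
    wants_encryption = conf.get("spark.io.encryption.enabled", "false").lower() == "true"
    if not is_affected(version):
        return "ok"
    # Affected and encryption requested: operators expect encrypted local
    # disk, but the paths named in the advisory may still write plaintext.
    return "exposed" if wants_encryption else "affected-encryption-off"

if __name__ == "__main__":
    print(audit("2.3.2", SAMPLE_CONF))
```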
Software description
Apache Spark is a fast, general-purpose compute engine designed for large-scale data processing.