
Apache Spark official site security update (2019-03-26)

Source: Apache Spark official site. Published: 2019-03-26

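Basic information

Release date: 2019-03-26 (vendor local time)

Update type: security update

Updated version: unknown

Detected: 2019-12-05 19:41:54

Risk level: high

Intelligence contributed by: TSRC

Update title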

CVE-2019-10099: Apache Spark unencrypted data on local disk

Update details



Severity: Important

Vendor: The Apache Software Foundation

Versions affected:

All Spark 1.x, Spark 2.0.x, Spark 2.1.x, and 2.2.x versions
Spark 2.3.0 to 2.3.2


Description:

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in PySpark, using broadcast and parallelize; and use of Python UDFs.

Mitigation:


1.x, 2.0.x, 2.1.x, 2.2.x, 2.3.x users should upgrade to 2.3.3 or newer, including 2.4.x
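The following audit helper is an added example, not part of the Apache advisory or of Spark itself. It checks a Spark version string against the affected ranges listed above and reads spark.io.encryption.enabled from spark-defaults.conf style text; the function names, status labels and sample configuration are constructed for illustration.

```python
import re

FIRST_LISTED = (1, 0, 0)  # advisory lists "All Spark 1.x" as the oldest affected line
FIRST_FIXED = (2, 3, 3)   # advisory: upgrade to 2.3.3 or newer

def parse_version(version):
    """Return (major, minor, patch); suffixes such as -SNAPSHOT are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Spark version: {version!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    """True for the releases the advisory lists (1.x up to and including 2.3.2)."""
    return FIRST_LISTED <= parse_version(version) < FIRST_FIXED

def parse_conf(text):
    """Parse properties text: key, then whitespace or '=', then value."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        conf[parts[0]] = parts[1].strip() if len(parts) == 2 else ""
    return conf

def audit(version, conf_text):
    """Combine the version check with the configured encryption setting."""
    conf = parse_conf(conf_text)
    # Spark's default for this setting is false when the key is absent.
    enabled = conf.get("spark.io.encryption.enabled", "false").lower() == "true"
    affected = is_affected(version)
    if affected and enabled:
        status = "EXPOSED"         # encryption requested, not applied on every path
    elif affected:
        status = "UPGRADE_FIRST"   # enabling encryption alone would not cover every path
    elif not enabled:
        status = "ENCRYPTION_OFF"  # fixed release, but local disk I/O is unencrypted
    else:
        status = "OK"
    return {"affected": affected, "encryption_enabled": enabled, "status": status}

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONF = """
# spark-defaults.conf
spark.master                  spark://master:7077
spark.io.encryption.enabled   true
"""

if __name__ == "__main__":
    print(audit("2.3.2", SAMPLE_CONF))
```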


Credit:


This issue was reported by Thomas Graves of NVIDIA.


Software description

Apache Spark is a fast, general-purpose compute engine designed for large-scale data processing.

CVE ID

TSRC analysis

None yet

Industry news

None yet
