The developerWorks download for IBM Development Package for Apache Spark is not vulnerable in its default configuration. However, it could be vulnerable to a denial-of-service attack if the 'netty-tcnative' component is added to the classpath and configured during application development or deployment, because netty-tcnative provides the interface between Netty and an installed OpenSSL library.
CVE(s): CVE-2016-4970
Affected product(s) and affected version(s):
All IBM Development Package for Apache Spark, v1 releases
All IBM Development Package for Apache Spark, v2.0.0 releases
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2miK1Af
X-Force Database: http://ift.tt/2mPel1Z
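Because exposure depends on whether netty-tcnative has been added to the classpath, a deployment can be checked for it. The following is an added example, not IBM's code: it scans a classpath string for jars that carry the component, including assembly jars that bundle it. The markers it matches on (jar file name, native library under `META-INF/native/`) are assumptions about how the artifact is commonly packaged, and a hit shows presence only, not that the component is configured.

```python
import os
import tempfile
import zipfile

# Assumed markers: the artifact name in the jar file name, or a native library
# bundled under META-INF/native/ (how netty-tcnative is commonly packaged).
NAME_MARKER = "netty-tcnative"
NATIVE_MARKERS = ("netty-tcnative", "netty_tcnative")

def expand_classpath(classpath):
    """Yield jar paths; 'dir/*' and plain directories are both searched for jars."""
    for entry in filter(None, classpath.split(os.pathsep)):
        if entry.endswith("*"):
            entry = entry[:-1] or "."
        if os.path.isdir(entry):
            for name in sorted(os.listdir(entry)):
                if name.lower().endswith(".jar"):
                    yield os.path.join(entry, name)
        elif entry.lower().endswith(".jar") and os.path.isfile(entry):
            yield entry

def find_tcnative(classpath):
    """Return sorted (jar_path, reason) pairs for jars that carry netty-tcnative."""
    hits = []
    for jar in expand_classpath(classpath):
        if NAME_MARKER in os.path.basename(jar).lower():
            hits.append((jar, "jar name"))
            continue
        try:
            with zipfile.ZipFile(jar) as zf:
                names = zf.namelist()
        except (zipfile.BadZipFile, OSError):
            continue  # unreadable archive: skipped rather than guessed at
        for n in names:
            low = n.lower()
            if low.startswith("meta-inf/native/") and any(m in low for m in NATIVE_MARKERS):
                hits.append((jar, "bundled native library " + n))
                break
    return sorted(hits)

def demo():
    """Constructed sample jars; returns (jar file name, reason) pairs."""
    samples = {"spark-app.jar": "com/example/App.class",
               "netty-tcnative-X.Y.Z.jar": "META-INF/MANIFEST.MF",
               "app-assembly.jar": "META-INF/native/libnetty-tcnative.so"}
    with tempfile.TemporaryDirectory() as d:
        for name, member in samples.items():
            with zipfile.ZipFile(os.path.join(d, name), "w") as zf:
                zf.writestr(member, b"")
        return [(os.path.basename(j), r) for j, r in find_tcnative(os.path.join(d, "*"))]
```

Call `find_tcnative()` with the classpath string the application is actually launched with; an empty result means none of the assumed markers were found.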
The post IBM Security Bulletin: Vulnerability in dependent component shipped in IBM Development Package for Apache Spark (CVE-2016-4970) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2miq10U