IBM Security Bulletin: Vulnerability in dependent component shipped in IBM Development Package for Apache Spark (CVE-2016-4970)

The developerWorks download for IBM Development Package for Apache Spark is not vulnerable in its default configuration. However, IBM Development Package for Apache Spark could be vulnerable to a denial-of-service attack if the ‘netty-tcnative’ component is added to the classpath and configured during application development or deployment, because that component provides the interface between Netty and an installed OpenSSL library.

CVE(s): CVE-2016-4970

Affected product(s) and affected version(s):

All IBM Development Package for Apache Spark, v1 releases
All IBM Development Package for Apache Spark, v2.0.0 releases
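
A check for the non-default configuration described above, added here as an example and not taken from the bulletin or from IBM: it scans a Java classpath, including `dir/*` wildcard entries and jars that bundle the component internally, for netty-tcnative. The marker substrings and the sample jar names are assumptions made for this example; a hit only shows that the component is present and says nothing about its version.

```python
import os
import tempfile
import zipfile

# Heuristic markers (an assumption of this example): the artifact name as it
# appears in jar file names, Maven metadata paths and bundled native libraries.
MARKERS = ("netty-tcnative", "netty_tcnative")

def expand_classpath(classpath, sep=os.pathsep):
    """Split a Java classpath and expand 'dir/*' wildcard entries into jar paths."""
    paths = []
    for entry in filter(None, classpath.split(sep)):
        if os.path.basename(entry) == "*":
            folder = os.path.dirname(entry) or "."
            if os.path.isdir(folder):
                paths += [os.path.join(folder, f) for f in sorted(os.listdir(folder))
                          if f.lower().endswith(".jar")]
        else:
            paths.append(entry)
    return paths

def find_tcnative(classpath, sep=os.pathsep):
    """Return (jar, reason) for every jar that appears to carry netty-tcnative."""
    hits = []
    for path in expand_classpath(classpath, sep):
        if not (os.path.isfile(path) and zipfile.is_zipfile(path)):
            continue  # class directories and missing entries are skipped
        if any(m in os.path.basename(path).lower() for m in MARKERS):
            hits.append((path, "jar file name"))
            continue
        with zipfile.ZipFile(path) as jar:  # shaded/uber jars carry it inside
            inner = next((n for n in jar.namelist()
                          if any(m in n.lower() for m in MARKERS)), None)
        if inner:
            hits.append((path, "bundled entry: " + inner))
    return hits

def demo():
    """Run the scan over constructed sample jars (not real Spark artifacts)."""
    with tempfile.TemporaryDirectory() as lib:
        samples = {
            "spark-core-sample.jar": ["org/example/App.class"],
            "netty-tcnative-sample.jar": ["META-INF/MANIFEST.MF"],
            "app-uber-sample.jar": ["META-INF/maven/io.netty/netty-tcnative/pom.properties"],
        }
        for name, entries in samples.items():
            with zipfile.ZipFile(os.path.join(lib, name), "w") as jar:
                for e in entries:
                    jar.writestr(e, "")
        return [(os.path.basename(p), why) for p, why in find_tcnative(os.path.join(lib, "*"))]

if __name__ == "__main__":
    for jar, why in demo():
        print(jar, "->", why)
```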

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2miK1Af
X-Force Database: http://ift.tt/2mPel1Z

The post IBM Security Bulletin: Vulnerability in dependent component shipped in IBM Development Package for Apache Spark (CVE-2016-4970) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2miq10U