Readme for IBM® Spectrum Conductor with Spark 2.2.1 Interim Fix 521531
Readme file for: IBM Spectrum Conductor with Spark
Product/Component Release: 2.2.1
Update Name: Interim Fix 521531
Fix ID: cws-2.2.1-build521531
Publication date: July 7, 2019
This interim fix
provides a resolution for the following security vulnerabilities in the Jupyter notebook in IBM Spectrum Conductor with Spark
2.2.1: CVE-2019-9644, CVE-2019-10255, and CVE-2019-10856.
Contents
1.
List of fixes
2.
Download location
3.
Installation and configuration
4.
List of files
5.
Product notifications
6.
Copyright and trademark information
1.
List of fixes
N/A
2.
Download location
Download interim fix 521531 from the following location: http://www.ibm.com/eserver/support/fixes/
3.
Installation and configuration
Follow the instructions in this
section to download and install this interim fix in your cluster.
System requirements
Linux x86_64 or Linux
ppc64le
Before installation
If you are updating an
existing notebook, back up the notebook base data directory.
Note: For updated notebook packages, the notebook is
undeployed and the new version is deployed. Therefore, if you specified the
notebook base data directory under or the same as the notebook's deployment
directory, the base data directory is removed. To retain your data, manually
back up the contents of the base data directory before you update the Spark
instance group.
a. Log in to the cluster management console as the cluster
administrator.
b. Click Workload
> Spark > Spark Instance Groups, then click the Spark instance group that you
want to check.
c. Click Manage, then
Configure.
d. In the Basic Settings tab, click the Configuration link in
the Notebooks section, then check the “Base data directory” value.
Note: If the notebook base data
directory is under or is the same as the notebook’s deployment directory, back
up the base data directory by running the following commands from the command
line:
> mkdir -p
/tmp/backup
> cp -a BASE_DATA_DIRECTORY/SIG_NAME /tmp/backup
Ensure
that you back up the notebook base data directory for each Spark instance
group that you want to upgrade.
Installation
a.
Log
in to the cluster management console as the cluster administrator and stop all
Spark instance groups.
b.
Download
the cws-2.2.1.0_build521531.tgz package and extract its contents to select the
package for your host operating system:
· JupyterPython3-5.0.0.tar.gz for Jupyter notebook version 5.0.0 on Linux x86_64 hosts
· JupyterPowerPython3-5.0.0.tar.gz for Jupyter notebook version 5.0.0 for Linux ppc64le hosts
c.
Add
the Jupyter 5.0.0 package to your cluster:
To update an existing
notebook:
a) Click Workload > Spark > Notebook Management, select Jupyter and click Configure.
b)
In the Deployment Settings tab, click Choose File in the Package section.
c)
Select the Jupyter 5.0.0 package.
d)
Click Update
Notebook.
To add a new notebook:
a) Click Workload
> Spark > Notebook Management and click Add.
b) In the Deployment Settings tab, click Choose File in the Package section.
c) Select the Jupyter 5.0.0 package.
d)
Set the following parameters:
Name: JupyterPython3 or JupyterPowerPython3
Version: 5.0.0
Start
command: ./scripts/start_jupyter.sh
Stop
command: ./scripts/stop_jupyter.sh
Job monitor
command: ./scripts/jobMonitor.sh
Longest update interval for job
monitor: 280
e)
Check Enable
collaboration for the notebook and Enable
SSL support.
f)
Click Add.
After installation
a.
From the cluster management console, click Workload > Spark >
Spark Instance Groups.
a) Create a new Spark instance
group that uses Jupyter 5.0.0. For
details, see Creating
Spark instance groups.
b) If required, update your existing Spark instance groups that
use Jupyter 5.0.0. For
details, see Updating
existing Spark instance groups.
b.
For
the backed-up Spark instance groups, restore
the notebook base data directory files:
> cp –a /tmp/backup/SIG_NAME BASE_DATA_DIRECTORY
c. Verify that permissions and ownership of the replaced files are the same as they were before applying the fix. Update any file permissions or ownership as required.
4.
List of files
JupyterPython3-5.0.0.tar.gz
JupyterPowerPython3-5.0.0.tar.gz
5.
Product notifications
To receive
information about product solution and patch updates automatically, subscribe
to product notifications on the My
Notifications page http://www.ibm.com/support/mynotifications/
on the IBM Support website (http://support.ibm.com). You can edit your
subscription settings to choose the types of information you want to get
notification about, for example, security bulletins, fixes, troubleshooting,
and product enhancements or documentation changes.
6.
Copyright and trademark information
© Copyright IBM Corporation 2019
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo and
ibm.com® are trademarks of International Business Machines Corp., registered in
many jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM trademarks is
available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.