Readme
File for IBM® Spectrum Conductor 2.5.1 fix for CVE-2022-42889 vulnerability in Apache
Commons Text
Readme file for: IBM
Spectrum Conductor
Product/Component release: 2.5.1
Update name: Interim Fix 601390
Fix ID: sc-2.5.1-build601390
Publication date: January 6, 2023
This fix addresses
CVE-2022-42889 ACE vulnerability found in the Apache Commons Text library used
in Spark 3.0.1 in IBM Spectrum Conductor 2.5.1.
1. Download location
2. Products or components affected
3. Installation and configuration
4. List of files
5. Product notifications
6. Copyright and trademark information
Download interim fix 601390 from the following location: http://www.ibm.com/eserver/support/fixes/.
Component name, Platform, Fix ID:
Spark
3.0.1, linux-x86_64, sc-2.5.1-build601390
Before you begin, IBM
Spectrum Conductor 2.5.1 must be installed on an IBM
Spectrum Conductor 2.5.1 supported operating system.
1.
Download the sc-2.5.1.0_build601390.tgz package to a local directory on your computer. Decompress the file. Once
decompressed, you will have the following Spark package:
Spark3.0.1-Conductor2.5.1.tgz
2.
Launch a browser and log in to the cluster
management console as a cluster administrator.
3.
Remove the existing Spark 3.0.1 package from the
cluster:
a.
Click Resources > Frameworks > Spark
Management.
b.
Select version 3.0.1.
c.
Click Remove.
d.
In the confirmation dialog, click Remove.
4.
Add the new Spark 3.0.1 package to the cluster:
a.
Click Resources > Frameworks > Spark
Management.
b.
Click Add.
c.
Click Browse and select the Spark3.0.1-Conductor2.5.1.tgz package
downloaded previously.
d.
Click Add.
5.
Create a
new instance group that uses the new Spark 3.0.1 package. For details,
see https://www.ibm.com/docs/en/spectrum-conductor/2.5.1?topic=groups-creating-instance.
6.
If
required, upgrade your existing instance groups to use the new Spark 3.0.1 package.
For details, see https://www.ibm.com/docs/en/spectrum-conductor/2.5.1?topic=components-updating-instance-groups-use-updated.
.
Spark3.0.1-Conductor2.5.1.tgz
To
receive information about product solution and patch updates automatically,
subscribe to product notifications on the My
Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription
settings to choose the types of information you want to get notification about,
for example, security bulletins, fixes, troubleshooting, and product
enhancements or documentation changes.
© Copyright IBM Corporation 2023
U.S.
Government Users Restricted Rights - Use, duplication or disclosure restricted
by GSA ADP Schedule Contract with IBM Corp.
IBM®,
the IBM logo and ibm.com® are trademarks of International Business Machines
Corp., registered in many jurisdictions worldwide. Other product and service
names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark information"
at www.ibm.com/legal/copytrade.shtml