Readme File for IBM® Spectrum Conductor 2.5.1 fix for CVE-2022-42889 vulnerability in Apache Commons Text

 

Readme file for: IBM Spectrum Conductor
Product/Component release: 2.5.1
Update name: Interim Fix 601390
Fix ID: sc-2.5.1-build601390

Publication date: January 6, 2023

This fix addresses the CVE-2022-42889 arbitrary code execution (ACE) vulnerability found in the Apache Commons Text library used in Spark 3.0.1 in IBM Spectrum Conductor 2.5.1.

 

Contents

1.     Download location

2.     Products or components affected

3.     Installation and configuration

4.     List of files

5.     Product notifications

6.     Copyright and trademark information

1.   Download location

Download interim fix 601390 from the following location: http://www.ibm.com/eserver/support/fixes/.

2.   Products or components affected

Component name, Platform, Fix ID:                                                   

Spark 3.0.1, linux-x86_64, sc-2.5.1-build601390

3.   Installation and configuration


Before you begin, IBM Spectrum Conductor 2.5.1 must be installed on an IBM Spectrum Conductor 2.5.1 supported operating system.

1.     Download the sc-2.5.1.0_build601390.tgz package to a local directory on your computer. Decompress the file. Once decompressed, you will have the following Spark package:

Spark3.0.1-Conductor2.5.1.tgz

2.     Launch a browser and log in to the cluster management console as a cluster administrator.

3.     Remove the existing Spark 3.0.1 package from the cluster:

a.     Click Resources > Frameworks > Spark Management.

b.     Select version 3.0.1.

c.     Click Remove.

d.     In the confirmation dialog, click Remove.

4.     Add the new Spark 3.0.1 package to the cluster:

a.     Click Resources > Frameworks > Spark Management.

b.     Click Add.

c.     Click Browse and select the Spark3.0.1-Conductor2.5.1.tgz package downloaded previously.

d.     Click Add.

 

5.     Create a new instance group that uses the new Spark 3.0.1 package. For details, see https://www.ibm.com/docs/en/spectrum-conductor/2.5.1?topic=groups-creating-instance.

 

6.     If required, upgrade your existing instance groups to use the new Spark 3.0.1 package. For details, see https://www.ibm.com/docs/en/spectrum-conductor/2.5.1?topic=components-updating-instance-groups-use-updated.
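
To check that a decompressed package or a deployed Spark directory does not carry an affected library version, the following added example (not part of IBM's fix or readme) scans a directory tree for Commons Text jars and flags versions 1.5 through 1.9, the range affected by CVE-2022-42889 (fixed upstream in 1.10.0). It assumes the jars keep the upstream file name commons-text-<version>.jar; the script name and the path passed to it are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not IBM code. Flags Apache Commons Text jars whose version
# is in the CVE-2022-42889 range (1.5 through 1.9; fixed in 1.10.0).
# Assumption: jars keep the upstream file name commons-text-<version>.jar.

# Echo "vulnerable", "ok" or "unknown" for a version string such as 1.9.
classify_commons_text() {
    local ver="$1" major rest minor
    case "$ver" in
        *.*) ;;
        *) echo "unknown"; return 0 ;;
    esac
    major="${ver%%.*}"
    rest="${ver#*.}"
    minor="${rest%%[!0-9]*}"          # "10.0" -> "10", "9-SNAPSHOT" -> "9"
    case "$major" in ''|*[!0-9]*) echo "unknown"; return 0 ;; esac
    case "$minor" in '') echo "unknown"; return 0 ;; esac
    if [ "$major" -eq 1 ] && [ "$minor" -ge 5 ] && [ "$minor" -le 9 ]; then
        echo "vulnerable"
    else
        echo "ok"
    fi
}

# Walk a directory tree and print "<verdict> <version> <path>" per jar.
# Returns 1 if any jar is in the affected range, 0 otherwise.
scan_commons_text() {
    local root="$1" list jar name ver verdict rc=0
    list="$(find "$root" -type f -name 'commons-text-*.jar' | sort)"
    while IFS= read -r jar; do
        [ -n "$jar" ] || continue
        name="${jar##*/}"
        ver="${name#commons-text-}"
        ver="${ver%.jar}"
        verdict="$(classify_commons_text "$ver")"
        echo "$verdict $ver $jar"
        if [ "$verdict" = "vulnerable" ]; then rc=1; fi
    done <<EOF
$list
EOF
    return "$rc"
}

# Usage: ./check_commons_text.sh /path/to/decompressed/package
if [ "$#" -gt 0 ]; then scan_commons_text "$1"; fi
```

Matching on file names does not detect copies of the library that are shaded or repackaged inside other jars, so a clean result covers only standalone commons-text jars.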

 


4.   List of files

Spark3.0.1-Conductor2.5.1.tgz

5.   Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page (http://www.ibm.com/support/mynotifications/) on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to be notified about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.

6.   Copyright and trademark information

© Copyright IBM Corporation 2023

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml