How to Apply the Cloudera CDH 6.3.4/CM 6.3.4 Patches for CVE-2021-44228 and CVE-2021-45105 on BDA 5.2 with OL6 or OL7 with No Other CDH or CM Patches Applied
(Doc ID 2856711.1)
Last updated on AUGUST 08, 2022
Applies to:
Big Data Appliance Integrated Software - Version 5.2.0 to 5.2.0 [Release 5.0] Linux x86-64
Purpose
These instructions are for applying the patches provided by Cloudera for CM 6.3.4/CDH 6.3.4 clusters with no additional Cloudera Manager(CM) or CDH patches applied, to address CVE-2021-44228 and CVE-2021-45105.
As such these instructions apply to BDA 5.2 OL6 or OL7 with no additional CM or CDH patches. If any additional CM or CDH patches have been applied to the BDA 5.2 cluster, open an SR with Oracle Support to request a CM or CDH patch for CVE-2021-44228 and CVE-2021-45105 with the already installed patches included. If this is not done applying the patches here will overwrite the existing CM or CDH patches on the cluster.
Scope
BDA 5.2 OL6 or OL7 clusters with no additional CM or CDH patches applied where a patch for CVE-2021-44228 and CVE-2021-45105 is preferred over the steps to mitigate CVE-2021-44228 provided in: TSB 2021-545: Critical vulnerability in log4j2 CVE-2021-44228 (Doc ID 2828023.1).
Details
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!