How to Apply the Cloudera CDH 6.3.4/CM 6.3.4 Patches for CVE-2021-44228,CVE-2021-45105,CVE-2021-44832,CVE-2021-45046 on BDA 5.2 with OL6 or OL7 with No Other CDH or CM Patches Applied
(Doc ID 2856711.1)
Last updated on MAY 18, 2023
Big Data Appliance Integrated Software - Version 5.2.0 to 5.2.0 [Release 5.0] Linux x86-64
These instructions are for applying the patches provided by Cloudera for CM 6.3.4/CDH 6.3.4 clusters with no additional Cloudera Manager(CM) or CDH patches applied, to address CVE-2021-44228, CVE-2021-45105, CVE-2021-44832 and CVE-2021-45046.
As such these instructions apply to BDA 5.2 OL6 or OL7 with no additional CM or CDH patches. If any additional CM or CDH patches have been applied to the BDA 5.2 cluster, open an SR with Oracle Support to request a CM or CDH patch for CVE-2021-44228, CVE-2021-45105, CVE-2021-44832 and CVE-2021-45046 with the already installed patches included. If this is not done applying the patches here will overwrite the existing CM or CDH patches on the cluster.
Note: Patches for CVE-2021-44228, CVE-2021-45105, CVE-2021-44832 and CVE-2021-45046 are available on BDA 5.1 in: Patch 34009063. The general steps here can be followed.
BDA 5.2 OL6 or OL7 clusters with no additional CM or CDH patches applied where a patch for CVE-2021-44228, CVE-2021-45105, CVE-2021-44832 and CVE-2021-45046 is preferred over the steps to mitigate CVE-2021-44228 provided in: TSB 2021-545: Critical vulnerability in log4j2 CVE-2021-44228 (Doc ID 2828023.1).
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!