How to Apply the Cloudera CDH 6.3.4/CM 6.3.4 Patches for CVE-2021-44228,CVE-2021-45105,CVE-2021-44832,CVE-2021-45046 on BDA 5.2 with OL6 or OL7 with No Other CDH or CM Patches Applied (Doc ID 2856711.1)

Last updated on MAY 18, 2023

Applies to:

Purpose

These instructions are for applying the patches provided by Cloudera for CM 6.3.4/CDH 6.3.4 clusters with no additional Cloudera Manager(CM) or CDH patches applied, to address CVE-2021-44228, CVE-2021-45105, CVE-2021-44832 and CVE-2021-45046.

As such these instructions apply to BDA 5.2 OL6 or OL7 with no additional CM or CDH patches.  If any additional CM or CDH patches have been applied to the BDA 5.2 cluster, open an SR with Oracle Support to request a CM or CDH patch for CVE-2021-44228, CVE-2021-45105, CVE-2021-44832 and CVE-2021-45046 with the already installed patches included.  If this is not done applying the patches here will overwrite the existing CM or CDH patches on the cluster.

Scope

BDA 5.2 OL6 or OL7 clusters with no additional CM or CDH patches applied where a patch for CVE-2021-44228, CVE-2021-45105, CVE-2021-44832 and CVE-2021-45046 is preferred over the steps to mitigate CVE-2021-44228 provided in: TSB 2021-545: Critical vulnerability in log4j2 CVE-2021-44228 (Doc ID 2828023.1).

Details

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.