- 최신
- 최다 투표
- 가장 많은 댓글
Hello,
➤ To begin with your query for "Is AWS EMR 5.x officially EOL, or otherwise nearing it"
I would like you to know that we don't remove any EMR versions and all EMR versions are available on the console, so that the customers who are working with older versions do not get impacted. Please note that Support team is not aware of timelines and the EOL of the EMR versions. However, if any of the versions is deprecated, you will be notified and it is updated on the documentation. You can check the links [1,2] for updates in EMR and EMR 5.x respectively.
➤ Further adding to the query, "Is there any official AWS documentation on whether the EMR cluster is affected by the specified CVEs? Or, is there a supported path to hotfix"
CVE-2022-25762 EMR clusters run in the customer account, and customers have full control to add or change software and configuration settings on their EMR cluster instances. When you run software provided by EMR with EMR’s default configuration settings, the issues discussed CVE-2022-25762 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762) do not impact EMR, for more information refer links [3a,3b].
CVE-2022-42252 Regarding CVE-2022-42252 impact on EMR. Hadoop team has investigated on the below application paths as there were no application paths specified on this vulberability, for more information refer links [4a,4b]. path : /usr/lib/bigtop-tomcat/lib/ path : /usr/lib/hadoop-kms/share/hadoop/kms/tomcat/lib/
CVE-2023-24998 Fixes are still pending on this issue, and on the link[5] you can find out the status on more information.
you can check the official AWS documentation where the EMR cluster is affected by the specified CVEs in the below link;
[*] https://alas.aws.amazon.com/alas2.html
References:
[1] https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-whatsnew.html
[2] https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-5x.html
[3a] CVE-2022-25762 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762
[3b] CVE-2022-25762 - https://alas.aws.amazon.com/cve/html/CVE-2022-25762.html
[4a] CVE-2022-42252 - https://www.tenable.com/plugins/nessus/166807
[4b] CVE-2022-42252 - https://alas.aws.amazon.com/cve/html/CVE-2022-42252.html
[5] CVE-2023-24998 - https://explore.alas.aws.amazon.com/CVE-2023-24998.html
관련 콘텐츠
- AWS 공식업데이트됨 일 년 전
- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 일 년 전