Spark Vulnerability with the toCommentSafeString Method

This section describes a security issue in a Spark method.

Vulnerability: Spark is vulnerable to code injection in the toCommentSafeString method.
Details: The toCommentSafeString method does not exclude comments from the compiled code. Therefore, an attacker can inject code into a Spark job.
Products Affected: Spark 1.5.2 and Spark 1.6.1
Impact: A Spark job can be used to take control of the cluster.
Severity: Critical
Bug Tracking: MapR Bug 24264; see also SPARK-15165
Immediate Action Required: Customers on Spark 1.5.2 or Spark 1.6.1 should download the 1608 version of Spark from http://package.mapr.com/releases/ or request it from support@mapr.com.
Patch: For customers on Spark 1.5.2, download the latest mapr-ecosystem RPM for your operating system from one of the following locations:

For customers on Spark 1.6.1, download the latest mapr-ecosystem RPM for your operating system from the following location: http://package.mapr.com/releases/ecosystem-5.x/