1 Respuesta
- Más nuevo
- Más votos
- Más comentarios
0
Hello Noor Kumar,
As I understand, you are getting a security vulnerability message for cronie1.4.11
on Amazon Linux 2, and when trying to update package to cronie1.5.2
, you are seeing the following message:
No packages marked for update
The last known CVE I could find was CVE-2019-9704 that was resolved in cronie1.4.11-23 that comes with Amazon Linux 2 base image.
# rpm -qa --changelog cronie
* Wed Feb 13 2019 Marcel Plch <mplch@redhat.com> - 1.4.11-23
- Make cronie restart on failure
- Resolves: rhbz#1651730
Therefore, please share the CVE that you are trying to mitigate. Also, could you please share whether you are using a third party scanner which is marking the package as vulnerable, and if yes, which one?
Additionally, you can also open a support case with AWS Premium Support to get immediate assistance for your specific use case.
Thanks Akshay for your reply.
We are using the blackduck scan and CVE number is BDSA-2019-0866 CVE-2019-9704.
Looks it is using cronie-anacron/1.4.11-17.el7/ppc64, how can I upgrade to 1.4.11-23 version ?
Thanks.