OpenSSL v3 vulnerability: Are all ECS-optimized AMIs affected or just the Amazon Linux 2022 based ones?

0

https://aws.amazon.com/security/security-bulletins/AWS-2022-008/ says:

"Customers utilizing Amazon Linux 2022, Bottlerocket OS or ECS-optimized Amazon Machine Images (AMIs) on Amazon ECS should read the instructions below."

Which sounds like all ECS-optimized AMIs are affected. However, the recommendation is:

"we recommend that ECS customers update the version of OpenSSL 3.0 via DNF configuration."

To my understanding, DNF is only available on Amazon Linux 2022.

Checking the version of openssl in one of our instances that run an Amazon Linux 2 based ECS-optimized AMI, I get:

sh-4.2$ openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

Can I consider Amazon Linux 2 based ECS-optimized AMIs to be unaffected by CVE-2022-3602 and CVE-2022-3786?

asked 2 years ago · 310 views
1 Answer
0
Accepted Answer

Thank you for the detailed description.

Yes, the ECS-optimized Amazon Linux 2 AMI is not affected, as OpenSSL 3.0 is not shipped in this version. This is also shown by your openssl version command output and by this quote from https://aws.amazon.com/security/security-bulletins/AWS-2022-008/: "Amazon Linux 2 do not ship with OpenSSL 3.0 and are not affected by these issues".

AWS
weidi
answered a year ago
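
The `openssl version` check used in the question and answer above can be scripted across a fleet. The following is an added example, not part of the original thread or of AWS guidance: the function names and host names are hypothetical, the inventory is constructed, and the affected range (OpenSSL 3.0.0 through 3.0.6, fixed upstream in 3.0.7) comes from the upstream OpenSSL advisory for CVE-2022-3602 and CVE-2022-3786, not from this page.

```shell
#!/bin/sh
# Added example: triage `openssl version` banners for CVE-2022-3602 and
# CVE-2022-3786. Assumption: upstream affected range is 3.0.0 - 3.0.6.
# Distro packages may backport fixes without changing the version string,
# so an "in-affected-range" result means "check the vendor bulletin or the
# package changelog", not "confirmed vulnerable".

# $1: one banner line, e.g. "OpenSSL 1.0.2k-fips  26 Jan 2017"
classify_openssl_banner() {
    # Only accept banners that really come from OpenSSL (not LibreSSL etc.).
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    case "$ver" in
        "")                          echo "unknown" ;;
        # 3.0.0 .. 3.0.6, optionally followed by a non-digit suffix;
        # the second pattern keeps 3.0.10 and later out of the match.
        3.0.[0-6]|3.0.[0-6][!0-9]*)  echo "in-affected-range" ;;
        *)                           echo "outside-affected-range" ;;
    esac
}

# Reads "host|banner" lines on stdin and prints only the hosts that need
# follow-up (in range, or a banner that could not be parsed).
flag_hosts() {
    while IFS='|' read -r host banner; do
        [ -n "$host" ] || continue
        status=$(classify_openssl_banner "$banner")
        [ "$status" = "outside-affected-range" ] || printf '%s %s\n' "$host" "$status"
    done
}

# Constructed sample inventory (host names and banners are illustrative).
SAMPLE_INVENTORY='ecs-al2-node|OpenSSL 1.0.2k-fips  26 Jan 2017
ecs-al2022-node|OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)
build-host|LibreSSL 2.8.3'

printf '%s\n' "$SAMPLE_INVENTORY" | flag_hosts

# Classify the local binary as well, if one is installed.
if command -v openssl >/dev/null 2>&1; then
    local_banner=$(openssl version)
    printf 'local: %s -> %s\n' "$local_banner" "$(classify_openssl_banner "$local_banner")"
fi
```

The system `openssl` binary is only one copy of the library on a host: container images running on the instance and statically linked applications carry their own and need the same check.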
