Update nginx 1.20.0 on Amazon Linux Extras
0
The latest version of nginx available on Amazon Linux Extras is 1.20.0 which is vulnerable to 1-Byte Memory Overwrite RCE (CVE-2021-23017).
nginx version 1.20.0 is also end-of-life since 24 May 2022
In a separate elastic beanstalk thread, someone mentioned that CVE-2021-23017 was fixed in 1.20.0-2.amzn2.0.3, but there's no supporting documentation, and nginx version 1.20.0 is also end-of-life since 24 May 2022.
Is there an expected release update to Amazon Linux Extras to bring nginx to latest version, and if not, a way to manually force update an existing nginx 1.20.0 installation from Extras?
Aucune réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
Contenus pertinents
- demandé il y a un an
- demandé il y a un mois
- demandé il y a un an
AWS OFFICIELA mis à jour il y a 4 mois- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
I realized that it was 1.2.0 which is vulnerable to CVE-2021-23017, not 1.20.0 oops
The question remains for how does the update cycle generally work for Amazon Linux Extras packages