Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Is OpenSSL 1.0.2k Updated?

0

Running yum update openssl as advised on the Linux 2 security advisories like this one: https://alas.aws.amazon.com/AL2/ALAS-2022-1766.html doesn't update OpenSSL past version 1.0.2k.

My PCI scan continues to fail based on version 1.0.2k of OpenSSL being vulnerable.

Is Amazon updating OpenSSL to fix the vulnerabilities but not changing the version letter?

Argomenti
AWS Well-Architected Framework
Tag
Sicurezza
Lingua
English
rePost-User-6223830
posta 2 anni fa6388 visualizzazioni
1 Risposta
1
Risposta accettata

Hi

Yes, you are correct Amazon does backport security fixes for Amazon Linux 2, this means that Amazon takes fixes out of the most recent version of upstream software packages and applies it to the version of the package on Amazon Linux 2. The available version of openssl-1.0.2k is kept up to date with all security fixes for openssl.

Can review the Amazon Linux FAQs here: https://aws.amazon.com/amazon-linux-2/faqs/

profile pictureAWS
TECNICO DI SUPPORTO
Lundi
con risposta 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente