Update nginx 1.20.0 on Amazon Linux Extras
0
The latest version of nginx available on Amazon Linux Extras is 1.20.0 which is vulnerable to 1-Byte Memory Overwrite RCE (CVE-2021-23017).
nginx version 1.20.0 is also end-of-life since 24 May 2022
In a separate elastic beanstalk thread, someone mentioned that CVE-2021-23017 was fixed in 1.20.0-2.amzn2.0.3, but there's no supporting documentation, and nginx version 1.20.0 is also end-of-life since 24 May 2022.
Is there an expected release update to Amazon Linux Extras to bring nginx to latest version, and if not, a way to manually force update an existing nginx 1.20.0 installation from Extras?
回答なし
- 新しい順
- 投票が多い順
- コメントが多い順
I realized that it was 1.2.0 which is vulnerable to CVE-2021-23017, not 1.20.0 oops
The question remains for how does the update cycle generally work for Amazon Linux Extras packages