Amazonlinux2 has security vulnerability in cronie1.4.11

0

Hi, We are using the amazonlinux2 as base image for one of our application and this image has security vulnerability in cronie1.4.11, so the recommended version is cronie1.5.2. I tried to update the cronie package but it says No packages marked for update. can anyone guide how to update to the recommended version or can this to be upgraded in amazonlinux2 base image itself.

Thanks, Noor Kumar

질문됨 3년 전269회 조회
1개 답변
0

Hello Noor Kumar,

As I understand, you are getting a security vulnerability message for cronie1.4.11 on Amazon Linux 2, and when trying to update package to cronie1.5.2, you are seeing the following message:

No packages marked for update

The last known CVE I could find was CVE-2019-9704 that was resolved in cronie1.4.11-23 that comes with Amazon Linux 2 base image.

# rpm -qa --changelog cronie
* Wed Feb 13 2019 Marcel Plch <mplch@redhat.com> - 1.4.11-23
- Make cronie restart on failure
- Resolves: rhbz#1651730

Therefore, please share the CVE that you are trying to mitigate. Also, could you please share whether you are using a third party scanner which is marking the package as vulnerable, and if yes, which one?

Additionally, you can also open a support case with AWS Premium Support to get immediate assistance for your specific use case.

AWS
지원 엔지니어
답변함 3년 전
  • Thanks Akshay for your reply.

    We are using the blackduck scan and CVE number is BDSA-2019-0866 CVE-2019-9704.

    Looks it is using cronie-anacron/1.4.11-17.el7/ppc64, how can I upgrade to 1.4.11-23 version ?

    Thanks.

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠