1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hello Noor Kumar,
As I understand, you are getting a security vulnerability message for cronie1.4.11 on Amazon Linux 2, and when trying to update package to cronie1.5.2, you are seeing the following message:
No packages marked for update
The last known CVE I could find was CVE-2019-9704 that was resolved in cronie1.4.11-23 that comes with Amazon Linux 2 base image.
# rpm -qa --changelog cronie
* Wed Feb 13 2019 Marcel Plch <mplch@redhat.com> - 1.4.11-23
- Make cronie restart on failure
- Resolves: rhbz#1651730
Therefore, please share the CVE that you are trying to mitigate. Also, could you please share whether you are using a third party scanner which is marking the package as vulnerable, and if yes, which one?
Additionally, you can also open a support case with AWS Premium Support to get immediate assistance for your specific use case.
관련 콘텐츠
AWS 공식업데이트됨 2년 전
Thanks Akshay for your reply.
We are using the blackduck scan and CVE number is BDSA-2019-0866 CVE-2019-9704.
Looks it is using cronie-anacron/1.4.11-17.el7/ppc64, how can I upgrade to 1.4.11-23 version ?
Thanks.