OpenSSL CVE-2022-3602 vulnerabilities I found in ECS containers

0

Hello, After checking AWS Inspector for CVE vulnerabilities I found that they are in ECS containers of our application. How do I fix container vulnerabilities please? Thank you in advance

2 Answers
0

Please check the OpenSSL Security Advisory post for November 2022 that we published. In here you will find links to rectify OpenSSL vulnerabilities for ECS.

profile picture
MK
answered 14 days ago
0

The recommended fix for both CVE-2022-3602 and CVE-2022-3786 is to update OpenSSL to version 3.0.7.

Depending on the Container OS that you are using, it will have different packages versions to update. For example, Ubuntu 22.04 users can upgrade the “openssl” package to version 3.0.2-0ubuntu1.7. Red Hat Enterprise Linux 9 users can upgrade the “openssl” package to version openssl-3.0.1-43.el9_0

profile picture
answered 14 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions