AWS Linux 2 repository has very old security packages despite EOL 2025


Although the AWS Linux 2 end-of-life is defined as 2025, core security packages are very old.

For instance, the latest amzn2-core versions of iptables and ipset are from 2020 and 2016 respectively!

So the supported ipset version, 6.29-1 (released in 2016), is extremely old and buggy!

Is there any way I could force a yum update of these core security components?

asked 6 months ago, 210 views
2 Answers

Hi AWS-User-3194526,

You can force a security update with: sudo yum update --security

"Long-term support for Amazon Linux 2 only applies to core packages and includes:

  1. AWS will provide security updates and bug fixes for all packages in core until June 30, 2025.
  2. AWS will maintain user-space Application Binary Interface (ABI) compatibility for the following packages in core:

elfutils-libelf, glibc, glibc-utils, hesiod, krb5-libs, libgcc, libgomp, libstdc++, libtbb.so, libtbbmalloc.so, libtbbmalloc_proxy.so, libusb, libxml2, libxslt, pam, audit-libs, audit-libs-python, bzip2-libs, c-ares, clutter, cups-libs, cyrus-sasl-gssapi, cyrus-sasl-lib, cyrus-sasl-md5, dbus-glib, dbus-libs, elfutils-libs, expat, fuse-libs, glib2, gmp, gnutls, httpd, libICE, libSM, libX11, libXau, libXaw, libXext, libXft, libXi, libXinerama, libXpm, libXrandr, libXrender, libXt, libXtst, libacl, libaio, libatomic, libattr, libblkid, libcap-ng, libdb, libdb-cxx, libgudev1, libhugetlbfs, libnotify, libpfm, libsmbclient, libtalloc, libtdb, libtevent, libusb, libuuid, ncurses-libs, nss, nss-sysinit, numactl, openssl, p11-kit, papi, pcre, perl, perl-Digest-SHA, perl-Time-Piece, perl-libs, popt, python, python-libs, readline, realmd, ruby, scl-utils, sqlite, systemd-libs, systemtap, tcl, tcp_wrappers-libs, xz-libs, and zlib

  3. AWS will provide Application Binary Interface (ABI) compatibility for all other packages in core unless providing such compatibility is not possible for reasons beyond AWS’s control." - Source - Amazon Linux 2 FAQs

Security updates are provided using the package repositories as well as updated AMI security alerts are published in the Amazon Linux Security Center. For more information about AWS security policies or to report a security problem, see AWS Cloud Security.

You can access Release notes for Amazon Linux 2 here.

Hope this helps.

AWS
answered 4 months ago

As per https://aws.amazon.com/amazon-linux-2/faqs/ :

Q. Does AWS backport security fixes for Amazon Linux 2? Yes. Amazon routinely takes fixes out of the most recent version of upstream software packages and applies it to the version of the package in Amazon Linux 2. During this process, Amazon isolates the fix from any other changes, ensures that the fixes do not introduce unwanted side effects, and then applies the fixes.

i.e. if we move a bunch of these packages forward, there may be some unpleasant side-effects for customers. We have to be very careful when updating packages in Amazon Linux 2, as we do not want to break customers' production environments.

I can suggest Amazon Linux 2023 as the base package versions in AL2023 are much newer than AL2. You can see the differences in packages in the release notes, and you can see Comparing AL2 and AL2023 in the User guide along with deprecated functionality.

answered 3 months ago
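The two answers above make one practical point between them: on Amazon Linux 2 the upstream version string (ipset 6.29-1) says nothing about which fixes are present, because AWS backports fixes and ships them as new release numbers and Amazon Linux Security Advisories (ALAS) rather than as upstream version bumps. The check a practitioner wants is therefore (a) whether any security advisory is still unapplied on the host, and (b) whether a given CVE appears in the installed package's RPM changelog. The script below is an added example, not code from the thread or from AWS. It parses the output of `yum updateinfo list security` and `rpm -q --changelog <pkg>`; because those commands need an AL2 host with repository access, the outputs fed to the functions here are constructed samples with placeholder advisory ids, CVE ids and release numbers (none of them real), and the assumption that AL2 advisory ids in yum output begin with `ALAS` is stated in the comments.

```shell
#!/bin/sh
# Added example (not from the re:Post thread or from AWS): check a package's
# security state on Amazon Linux 2 without trusting the upstream version number.
#
# On a real AL2 host the inputs come from:
#   yum updateinfo list security   | list_pending_security_updates
#   rpm -q --changelog ipset       | changelog_fix_for CVE-XXXX-YYYY
# and pending advisories are applied with:
#   sudo yum update --security
# The samples below are constructed for offline use; ids and releases are placeholders.

# Constructed sample of `yum updateinfo list security` output.
# Assumption: advisory rows look like "<ALAS-id> <severity>/Sec. <name-version.arch>".
SAMPLE_UPDATEINFO='Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
ALAS-0000-0001 important/Sec. ipset-6.29-1.amzn2.0.0.x86_64
ALAS-0000-0002 medium/Sec.    iptables-1.8.4-10.amzn2.0.0.x86_64
updateinfo list done'

# Constructed sample of `rpm -q --changelog ipset` output (newest entry first).
SAMPLE_CHANGELOG='* Mon Jan 01 2024 Amazon Linux <placeholder@example.com> - 6.29-1.amzn2.0.0
- Backport upstream fix for CVE-0000-0001 (placeholder id for this example)
* Mon Jan 01 2018 Amazon Linux <placeholder@example.com> - 6.29-1.amzn2
- Initial import of ipset 6.29'

# Read updateinfo output on stdin; print "advisory severity package" for every
# advisory row, skipping the plugin banner and the trailing "done" line.
list_pending_security_updates() {
    awk '$1 ~ /^ALAS/ && $3 ~ /\.(x86_64|aarch64|noarch)$/ { print $1, $2, $3 }'
}

# Read an RPM changelog on stdin; print the package release of the newest entry
# that mentions the given CVE id. Exit 1 (printing nothing) if no entry does,
# which is the "not fixed, or at least not documented as fixed" signal.
changelog_fix_for() {
    cve="$1"
    awk -v cve="$cve" '
        /^\* /          { ver = $NF; next }          # entry header: release is the last field
        index($0, cve)  { print ver; found = 1; exit }
        END             { if (!found) exit 1 }
    '
}

# Demonstration on the constructed samples.
echo "Pending security advisories:"
printf '%s\n' "$SAMPLE_UPDATEINFO" | list_pending_security_updates

for id in CVE-0000-0001 CVE-0000-9999; do
    if fixed=$(printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_fix_for "$id"); then
        echo "$id: fix recorded in release $fixed"
    else
        echo "$id: no changelog entry mentions it"
    fi
done
```

The release-suffix pattern (`.amzn2.0.N`) is where backported fixes show up; comparing that suffix, or the advisory list, is far more informative than comparing 6.29 against the current upstream ipset. If a CVE you care about is absent from both the changelog and the advisory feed, that is the point at which the second answer's advice to move to Amazon Linux 2023 becomes the realistic option.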
