Update nginx 1.20.0 on Amazon Linux Extras


The latest version of nginx available on Amazon Linux Extras is 1.20.0, which is vulnerable to 1-Byte Memory Overwrite RCE (CVE-2021-23017).

nginx version 1.20.0 has also been end-of-life since 24 May 2022.

In a separate Elastic Beanstalk thread, someone mentioned that CVE-2021-23017 was fixed in 1.20.0-2.amzn2.0.3, but there's no supporting documentation, and nginx version 1.20.0 has also been end-of-life since 24 May 2022.

Is there an expected release update to Amazon Linux Extras to bring nginx to the latest version, and if not, a way to manually force an update of an existing nginx 1.20.0 installation from Extras?

1:1.20.0-2.amzn2.0.4

  • I realized that it was 1.2.0 which is vulnerable to CVE-2021-23017, not 1.20.0, oops.

    The question remains of how the update cycle generally works for Amazon Linux Extras packages.

tl-tl
asked 2 years ago, 166 views
No Answers
