AMI updates for log4j2 CVE-2021-44228

0

Can you tell us if AWS Deep Learning AMI's are affected by CVE-2021-44228? If so, what's the plan to update them with versions which are not vulnerable?

1 Answer
0

As there are multiple Deep Learning AMI with different OS and different configuration, so it will be difficult to identify if resources under your account is impacted or not without getting more information on the detail configuration.

AWS is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2" utility (CVE-2021-44228).

Responding to security issues such as this one show the value of having multiple layers of defensive technologies, which is so important to maintaining the security of our customers data and workloads. We're taking this issue very seriously, and our world-class team of engineers has been working around the clock on our response and remediation. We expect to rapidly restore our full state of defense in depth.

We continue to recommend that our customers take action to update all their applications and services by patching for known issues like this one and continue to follow our well architected guidance.

Additional service-specific information is provided below[1]. If you need additional details or assistance, please contact AWS Support[2].

Reference: [1] https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ [2] https://console.aws.amazon.com/support/home?#/case/create

AWS
SUPPORT ENGINEER
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions