By using AWS re:Post, you agree to the Terms of Use

When will java-17-amazon-corretto be patched in the Amazon Linux 2 AMI?

0

The latest version of Corretto has a critical security fix for CVE-2022-21449:

Corretto version: 17.0.3.6.1
Release Date: April 17, 2022

Yet this latest version is not available from the package repo on the very latest Amazon Linux 2 AMI. When can we expect to see the patched version?

[ec2-user@ip-XXX ~]$ sudo yum install -y java-17-amazon-corretto-headless
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core                                                                                                                                                                                                                               | 3.7 kB  00:00:00
4 packages excluded due to repository priority protections
Package 1:java-17-amazon-corretto-headless-17.0.2+8-1.amzn2.1.x86_64 already installed and latest version
Nothing to do

[ec2-user@ip-XXX ~]$ cat /etc/image-id
image_name="amzn2-ami-hvm"
image_version="2"
image_arch="x86_64"
image_file="amzn2-ami-hvm-2.0.20220419.0-x86_64.xfs.gpt"
image_stamp="8e61-6310"
image_date="20220419161702"
recipe_name="amzn2 ami"
recipe_id="fd8fd9c3-72c3-a01f-c3a3-db8b-8481-685a-78a2e8af"
1 Answer
0

This has been addressed by AWS, the latest version Corretto has the fix for CVE-2022-21449

answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions