OpenSSL CVE-2022-3602 vulnerabilities I found in ECS containers

Question

Hello,
After checking AWS Inspector for CVE vulnerabilities I found that they are in ECS containers of our application. How do I fix container vulnerabilities please? 
Thank you in advance

Answer

Please check the OpenSSL[ Security Advisory post for November 2022](https://aws.amazon.com/security/security-bulletins/AWS-2022-008/) that we published. In here you will find links to rectify OpenSSL vulnerabilities for ECS.

Answer

The recommended fix for both CVE-2022-3602 and CVE-2022-3786 is to update OpenSSL to [version 3.0.7](https://github.com/openssl/openssl/releases/tag/openssl-3.0.7).

Depending on the Container OS that you are using, it will have different packages versions to update. For example, Ubuntu 22.04 users can upgrade the “openssl” package to version 3.0.2-0ubuntu1.7. Red Hat Enterprise Linux 9 users can upgrade the “openssl” package to version openssl-3.0.1-43.el9_0

OpenSSL CVE-2022-3602 vulnerabilities I found in ECS containers

相關內容