Amazon SSM Agent Vulnerability Package Go

aws / amazon-ssm-agent

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).

https://aws.amazon.com/systems-manager/

Apache License 2.0

1.06k stars 326 forks source link

Amazon SSM Agent Vulnerability Package Go #505

Closed WagnerOzaki closed 1 year ago

WagnerOzaki commented 1 year ago

Hello Team

Is It possible update package Go inside SSM Agent, because in my monitoring vulnerability there is a vulnerability on Go packageVersion 1.18.3 installed on SSM Agent.

https://nvd.nist.gov/vuln/detail/CVE-2022-32148 https://nvd.nist.gov/vuln/detail/CVE-2022-1705 https://nvd.nist.gov/vuln/detail/CVE-2022-1962

sluggard76 commented 1 year ago

@WagnerOzaki Thanks for reporting the potential issues. We have tested GoLang v1.19.6 and the next released agent version will be built with this new version of GoLang

WagnerOzaki commented 1 year ago

@sluggard76 Do you have a date when it will be built a new version SSM Agent?

sluggard76 commented 1 year ago

@WagnerOzaki SSM Agent v3.2.815.0 has just been released. This version is built in GoLang v1.19.6