awslabs / amazon-eks-ami

Packer configuration for building a custom EKS AMI
https://awslabs.github.io/amazon-eks-ami/
MIT No Attribution

OpenSSH version in v20240703 build AMI #1874

Closed guitarrapc closed 3 months ago

guitarrapc commented 3 months ago

We are building the worker node AMI using this repo. After running the scan, we are getting vulnerabilities in OpenSSH - openssh-8.7p1-8.amzn2023.0.11.aarch64.

Vulnerability Description:

$ rpm -qa | grep openssh
openssh-server-8.7p1-8.amzn2023.0.11.aarch64
openssh-8.7p1-8.amzn2023.0.11.aarch64
openssh-clients-8.7p1-8.amzn2023.0.11.aarch64

Amazon Linux 2023 version 2023.5.20240701 already includes the fix, so could you please support the plan to include this fix in the AMI?

reference: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20240701.html https://alas.aws.amazon.com/AL2023/ALAS-2024-649.html

cartermckinnon commented 3 months ago

The ALAS bulletin you’ve linked specifies openssh-8.7p1-8.amzn2023.0.11 as the patched version for CVE-2024-6387. I don’t know what scanner you’re using or why it would think otherwise.

Please open a ticket with AWS Support for security issues 👍
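Added example, not part of the original thread or the amazon-eks-ami project: one way to check the `rpm -qa` output above against the patched version named in this comment, comparing version and release segment by segment the way RPM orders them. The helper names are hypothetical, and it assumes equal epochs and that the openssh subpackages share the same version-release as the fixed package.

```python
import re

_TOKEN = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")

def rpmvercmp(a, b):
    """Order two RPM version or release strings as rpm does: -1, 0 or 1."""
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == y:
            continue
        if x == "~" or y == "~":        # tilde sorts before everything, even end of string
            return -1 if x == "~" else 1
        if x == "^":                    # caret: after end of string, before other segments
            return 1 if y is None else -1
        if y == "^":
            return -1 if x is None else 1
        if x is None or y is None:      # the string with segments left over is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():  # a numeric segment is newer than an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)       # numeric compare, so 9 < 11 and "01" == "1"
            if x == y:
                continue
        return -1 if x < y else 1
    return 0

def split_nvra(pkg):
    """'openssh-server-8.7p1-8.amzn2023.0.11.aarch64' -> (name, version, release)."""
    nvr, _arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_patched(pkg, fixed_vr):
    """True if the installed package is at or above the advisory's fixed version-release."""
    _, version, release = split_nvra(pkg)
    fixed_version, fixed_release = fixed_vr.split("-", 1)
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0

FIXED = "8.7p1-8.amzn2023.0.11"  # patched version named in the thread for CVE-2024-6387
INSTALLED = [                    # rpm -qa output quoted in the issue
    "openssh-server-8.7p1-8.amzn2023.0.11.aarch64",
    "openssh-8.7p1-8.amzn2023.0.11.aarch64",
    "openssh-clients-8.7p1-8.amzn2023.0.11.aarch64",
]

if __name__ == "__main__":
    for pkg in INSTALLED:
        print(pkg, "patched" if is_patched(pkg, FIXED) else "NEEDS UPDATE")
```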

guitarrapc commented 3 months ago

Thanks!