corretto / corretto-8-docker

Dockerfiles for Amazon Corretto 8
MIT No Attribution

Amazon Linux 2 Security Advisory: ALAS-2020-1406 stays unresolved #57

Closed Denusdv closed 4 years ago

Denusdv commented 4 years ago

Hello support team

I'm facing the following problem addressing the Amazon Linux 2 Security Advisory: ALAS-2020-1406. I updated my Dockerfile to follow the Security Advisory by adding `yum update openssl`.

https://alas.aws.amazon.com/AL2/ALAS-2020-1406.html

Unfortunately, the image scanning keeps showing me the high-risk vulnerability. I simplified my Dockerfile almost to zero custom code.

Here is my base image docker file

```dockerfile
# ---- Base Node ----
FROM amazoncorretto AS base
# set working directory
# Create app directory
RUN yum update kernel --assumeyes
RUN yum update libarchive --assumeyes
RUN yum update openssl --assumeyes
RUN yum update sqlite --assumeyes
```

Previously, I opened a technical assistance request through the AWS support system but was redirected to the AWS JDK team. They believe that the issue is with the base image itself. As the base image amazoncorretto may not have the required packages for update in the mirror list, it was unable to find the new patch for openssl. I see the CVE mentioned has been released on 2020-03-25 21:45 Pacific.

The image build is done on my local machine Docker engine version:

```
Client:
 Version:       17.12.0-ce
 API version:   1.35
 Go version:    go1.9.2
 Git commit:    c97c6d6
 Built:         Wed Dec 27 20:03:51 2017
 OS/Arch:       darwin/amd64

Server:
 Engine:
  Version:      17.12.0-ce
  API version:  1.35 (minimum version 1.12)
  Go version:   go1.9.2
  Git commit:   c97c6d6
  Built:        Wed Dec 27 20:12:29 2017
  OS/Arch:      linux/amd64
  Experimental: false
```

pswargam commented 4 years ago

Hi @Denusdv,

Thank you for opening this GitHub issue. This repository is also owned by the AWS JDK team. I will get in touch with my manager and get back to you regarding the next steps.

Thank you, Prashanth

TianminShi commented 4 years ago

Hi @Denusdv, please take a look at #26 and see if it has already addressed your issue.

Denusdv commented 4 years ago

> Hi @Denusdv, please take a look at #26 and see if it has already addressed your issue.

Hi TianminShi, I see you have a PR that fixes my issue. Thanks, I will try it once it is merged.