Amazon Linux 2 Security Advisory: ALASDOCKER-2024-038
Advisory Release Date: 2024-02-15 04:09 Pacific
Advisory Updated Date: 2024-02-19 17:58 Pacific
Severity:
Low
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
Containerd is not affected by CVE-2023-39325. While it contains the affected module, it does not use it in a way that exposes users to CVE-2023-39325.
Affected Packages:
containerd
Note:
This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update containerd to update your system.
New Packages:
aarch64:
containerd-1.6.28-1.amzn2.0.1.aarch64
containerd-stress-1.6.28-1.amzn2.0.1.aarch64
containerd-debuginfo-1.6.28-1.amzn2.0.1.aarch64
src:
containerd-1.6.28-1.amzn2.0.1.src
x86_64:
containerd-1.6.28-1.amzn2.0.1.x86_64
containerd-stress-1.6.28-1.amzn2.0.1.x86_64
containerd-debuginfo-1.6.28-1.amzn2.0.1.x86_64