Following this security advisory to patch my lambda image: https://alas.aws.amazon.com/AL2023/ALAS-2024-554.html
It recommends running dnf update ncurses --releasever 2023.3.20240304 but this does not do anything on the image.
bash-5.2# dnf update ncurses --releasever 2023.3.20240304
Downloading metadata...
Nothing to do.
Trying to figure out how to properly upgrade this package.
Reproduce instructions:
docker pull public.ecr.aws/lambda/python:3.12
docker run --entrypoint bash -it public.ecr.aws/lambda/python:3.12
dnf update ncurses --releasever 2023.3.20240304
from within the container.
Additional notes:
- It does look like ncurses is installed on the image, but an older version.
bash-5.2# rpm -qa | grep ncurse
ncurses-libs-6.2-4.20200222.amzn2023.0.5.aarch64
ncurses-base-6.2-4.20200222.amzn2023.0.5.noarch
More image information
{
"Id": "sha256:3dc8a0fa0b981434a1e3ee55962d30cd3a873ca9c9214250813f5e2d534670f2",
"RepoTags": [
"public.ecr.aws/lambda/python:3.12",
"public.ecr.aws/lambda/python:3.12.2024.03.04.10",
"public.ecr.aws/lambda/python:3.12.2024.03.04.10-arm64"
],
According to the advisory, I'd expect the libraries to be updated to 6.2-4.20200222.amzn2023.0.6
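An added example, not part of the original post: a check that parses `rpm -qa` lines and reports which ncurses packages are still below the release the post expects (6.2-4.20200222.amzn2023.0.6). The comparison is a simplified version of RPM's ordering (no epoch, tilde or caret handling), the function names are hypothetical, and the sample input is the two lines quoted in the post.

```python
import re

FIXED_EVR = "6.2-4.20200222.amzn2023.0.6"  # expected version quoted in the post

# Sample input: the `rpm -qa | grep ncurse` lines quoted in the post
SAMPLE = """\
ncurses-libs-6.2-4.20200222.amzn2023.0.5.aarch64
ncurses-base-6.2-4.20200222.amzn2023.0.5.noarch
"""

def _segments(s):
    # Split into runs of digits or letters; separators are ignored
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp (assumption: no epoch, '~' or '^' in the input)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvra(line):
    """'name-version-release.arch' -> (name, version, release)."""
    nvr, _, _arch = line.strip().rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def below_fixed(rpm_qa_output, prefix="ncurses", fixed=FIXED_EVR):
    """Return (name, version-release) for packages older than `fixed`."""
    fixed_ver, fixed_rel = fixed.split("-", 1)
    stale = []
    for line in rpm_qa_output.splitlines():
        if not line.startswith(prefix):
            continue
        name, ver, rel = split_nvra(line)
        if (vercmp(ver, fixed_ver) or vercmp(rel, fixed_rel)) < 0:
            stale.append((name, f"{ver}-{rel}"))
    return stale

if __name__ == "__main__":
    for name, evr in below_fixed(SAMPLE):
        print(f"{name} {evr} is older than {FIXED_EVR}")
```

Inside the container, the output of `rpm -qa` can be passed to `below_fixed` in place of `SAMPLE`; an empty result means every matching package is at or above the expected release.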