Hello,
I understand that you want to know remediation steps for the vulnerability flagged for packages runc and containerd.
I have checked your concern and could see that vulnerability package fixes for runc and containerd are not pushed yet. I have checked with our internal team and they are actively working on pushing the latest packages soon, but I can't provide an exact ETA for the same. However, you can use the below to fix the issue in the meantime.
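```bash
# Update containerd and runc from the aws-nitro-enclaves-cli extras repository.
function update_containerd() {
    # Nothing to do if containerd is not installed on this instance
    if ! rpm -q containerd > /dev/null; then
        echo "Will not update: containerd is not installed"
        return
    fi
    # Check if 'aws-nitro-enclaves-cli' is already enabled
    if ! grep -qri aws-nitro-enclaves-cli /etc/yum.repos.d/; then
        echo "Installing and disabling 'aws-nitro-enclaves-cli' repository"
        sudo amazon-linux-extras enable aws-nitro-enclaves-cli
        # Set 'enabled = 0' on every 'enabled' line from the first match of the
        # repo name to the end of the file, so the repo is off by default
        sudo sed -i '/amzn2extra-aws-nitro-enclaves-cli/,$ s/enabled.*/enabled = 0/' /etc/yum.repos.d/amzn2-extras.repo
    fi
    # Turn the repo on for this one yum transaction only
    sudo yum -y update --enablerepo=amzn2extra-aws-nitro-enclaves-cli containerd runc
}

update_containerd
```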
Hope this helps. Please do let me know if you have any further queries or concerns. Have a great day ahead!!
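To see which repository sections the `sed` line in the script above changes, this added example (not part of the original answer) compares the `enabled` values of two copies of a `.repo` file. The function names, the sample file content and the section order in it are constructed for illustration, and the answer's `sed` expression is applied to a temporary copy only.

```shell
# Added example. List sections whose 'enabled' value differs between two
# copies of a yum .repo file: $1 = copy taken before, $2 = copy taken after.
repo_changes() {
    awk '
        FNR == 1 { file++; sec = "" }
        /^\[/ {
            sec = substr($0, 2, index($0, "]") - 2)
            if (file == 1) order[++n] = sec
            next
        }
        sec != "" && /^enabled[ \t]*=/ {
            v = $0
            sub(/^enabled[ \t]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (file == 1) old[sec] = v; else aft[sec] = v
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (old[s] != aft[s]) print s ": " old[s] " -> " aft[s]
            }
        }
    ' "$1" "$2"
}

# Run the answer's sed expression on a constructed sample and report the changes.
demo_sed_scope() {
    tmp=$(mktemp -d)
    # Constructed sample; the section order on a real instance may differ.
    cat > "$tmp/before.repo" <<'EOF'
[amzn2extra-aws-nitro-enclaves-cli]
enabled = 1
name = constructed sample
[amzn2extra-aws-nitro-enclaves-cli-source]
enabled = 0
[amzn2extra-docker]
enabled = 1
EOF
    sed '/amzn2extra-aws-nitro-enclaves-cli/,$ s/enabled.*/enabled = 0/' \
        "$tmp/before.repo" > "$tmp/after.repo"
    repo_changes "$tmp/before.repo" "$tmp/after.repo"
    rm -rf "$tmp"
}
```

On an instance, copy `/etc/yum.repos.d/amzn2-extras.repo` before running `update_containerd` and pass the copy and the live file to `repo_changes` afterwards.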
Hello, I have faced the same issue for runc, containerd, docker but also kernel for a few weeks on my EC2 instances. Patch Manager is not able to update those packages. Neither does a manual "yum update". This situation triggers many vulnerabilities detected by Amazon Inspector. I tried the remediation proposed in this post (script) but it didn't work to fix the CVEs, even if the function seems OK. Is there any workaround? Thanks for your help.
Thanks - this was helpful. I'm not sure exactly what the cleanup process will be later (whether I should remove this aws-nitro-enclaves-cli entirely once the default repos catch up with this patch), but at least I believe the vulnerabilities are resolved.