Open
Description
According to the CI, our base Amazon image has security issues: https://github.com/rust-serverless/lambda-rust/runs/4399791210?check_suite_focus=true
```
+--------------------+------------------+----------+-------------------+--------------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+--------------------+------------------+----------+-------------------+--------------------+---------------------------------------+
| nspr | CVE-2021-43527 | CRITICAL | 4.25.0-2.amzn2 | 4.32.0-1.amzn2 | nss: Memory corruption in |
| | | | | | decodeECorDsaSignature with |
| | | | | | DSA signatures (and RSA-PSS) |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-43527 |
+--------------------+ + +-------------------+--------------------+ +
| nss | | | 3.53.1-7.amzn2 | 3.67.0-4.amzn2.0.1 | |
| | | | | | |
| | | | | | |
| | | | | | |
+--------------------+ + +-------------------+--------------------+ +
| nss-softokn | | | 3.53.1-6.amzn2 | 3.67.0-3.amzn2 | |
| | | | | | |
| | | | | | |
| | | | | | |
+--------------------+ + + + + +
| nss-softokn-freebl | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+--------------------+ + +-------------------+--------------------+ +
| nss-sysinit | | | 3.53.1-7.amzn2 | 3.67.0-4.amzn2.0.1 | |
| | | | | | |
| | | | | | |
| | | | | | |
+--------------------+ + + + + +
| nss-tools | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+--------------------+ + +-------------------+--------------------+ +
| nss-util | | | 3.53.1-1.amzn2 | 3.67.0-1.amzn2 | |
| | | | | | |
| | | | | | |
| | | | | | |
+--------------------+------------------+----------+-------------------+--------------------+---------------------------------------+
```
We need to fix it somehow. Maybe we just need to wait for the fix from the AWS side and possibly bump our base image version. Also, we can somehow highlight the issue to the AWS-related people.