AWS Security Advisories — December 2021 — AWS Security Advisories

AWS-2021-007

AWS Bulletin2021-12-23

AWSSupportServiceRolePolicy Informational Update

Upstream advisory

ALAS · AL1Important2021-12-23

ALAS-2021-1554: log4j-cve-2021-44228-hotpatch (important)

Product	Status	Vendor	Package	Ecosystem
log4j-cve-2021-44228-hotpatch	affected	Amazon	log4j-cve-2021-44228-hotpatch	—

Upstream advisory

ALAS · AL1ExploitedCritical2021-12-18

ALAS-2021-1553: java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk (critical)

Product	Status	Vendor	Package	Ecosystem
java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk	affected	Amazon	java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk	—

Upstream advisory

AWS BulletinExploited2021-12-12

Update for Apache Log4j2 Issue (CVE-2021-44228)

Upstream advisory

AWS BulletinExploited2021-12-11

Apache Log4j2 Issue (CVE-2021-44228)

Upstream advisory

ALAS · AL1Critical2021-12-01

ALAS-2021-1552: nss (critical)

Product	Status	Vendor	Package	Ecosystem
nss	affected	Amazon	nss	—

Upstream advisory