AWS Security Advisories — January 2022 — AWS Security Advisories

ALAS-2021-1555

ALAS · AL1Medium2022-01-20

ALAS-2021-1555: containerd (medium)

CVEs:CVE-2020-15157

Affected products

Product	Status	Vendor	Package	Ecosystem
containerd	affected	Amazon	containerd	—

Upstream advisory

ALAS-2021-1556

ALAS · AL1Important2022-01-20

ALAS-2021-1556: runc (important)

CVEs:CVE-2019-16884 CVE-2019-19921

Affected products

Product	Status	Vendor	Package	Ecosystem
runc	affected	Amazon	runc	—

Upstream advisory

ALAS-2022-1557

ALAS · AL1Medium2022-01-20

ALAS-2022-1557: vim (medium)

CVEs:CVE-2020-20703 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193

Affected products

Product	Status	Vendor	Package	Ecosystem
vim	affected	Amazon	vim	—

Upstream advisory

ALAS-2022-1558

ALAS · AL1Medium2022-01-20

ALAS-2022-1558: busybox (medium)

CVEs:CVE-2021-42376 CVE-2021-42378 CVE-2021-42379 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386

Affected products

Product	Status	Vendor	Package	Ecosystem
busybox	affected	Amazon	busybox	—

Upstream advisory

ALAS-2022-1559

ALAS · AL1Important2022-01-20

ALAS-2022-1559: cyrus-imapd (important)

CVEs:CVE-2021-33582

Affected products

Product	Status	Vendor	Package	Ecosystem
cyrus-imapd	affected	Amazon	cyrus-imapd	—

Upstream advisory

ALAS-2022-1560

ALAS · AL1Important2022-01-20

ALAS-2022-1560: httpd24 (important)

CVEs:CVE-2021-44224 CVE-2021-44790

Affected products

Product	Status	Vendor	Package	Ecosystem
httpd24	affected	Amazon	httpd24	—

Upstream advisory

ALAS-2022-1561

ALAS · AL1Important2022-01-20

ALAS-2022-1561: java-1.8.0-openjdk (important)

CVEs:CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603

Affected products

Product	Status	Vendor	Package	Ecosystem
java-1.8.0-openjdk	affected	Amazon	java-1.8.0-openjdk	—

Upstream advisory

ALAS-2022-1562

ALAS · AL1Important2022-01-20

ALAS-2022-1562: log4j (important)

CVEs:CVE-2017-5645 CVE-2019-17571 CVE-2021-4104

Affected products

Product	Status	Vendor	Package	Ecosystem
log4j	affected	Amazon	log4j	—

Upstream advisory

AWS-2022-002

AWS Bulletin2022-01-13

Reported AWS Glue Issue

Upstream advisory

AWS-2022-001

AWS Bulletin2022-01-13

Reported AWS CloudFormation Issue

Upstream advisory

Advisories

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Need live exploit intelligence?