AWS-2024-001

Scope: AWS Content Type: Important (requires attention) Publication Date: 2024/01/31 1:30 PM PST CVE Identifier: CVE-2024-21626 AWS is aware of a recently disclosed security issue affecting the runc component of several open source container management systems (CVE-2024-21626). With the exception of the AWS services listed below, no customer action is required to address this issue. Amazon Linux An updated version of runc is available for Amazon Linux 1 (runc-1.1.11-1.0.amzn1), Amazon Linux 2 (runc-1.1.11-1.amzn2) and for Amazon Linux 2023 (runc-1.1.11-1.amzn2023). AWS recommends that customers using runc or other container-related software apply those updates or a newer version. Further information is available in the Amazon Linux Security Center . Bottlerocket OS An updated version of runc will be included in Bottlerocket 1.19.0, which will be released by February 2, 2024. AWS recommends that customers using Bottlerocket apply this update or a newer version. Further information will be posted in the Bottlerocket Security Advisories and the Bottlerocket Release Notes . Amazon Elastic Container Service (ECS) This CVE has been patched in runc, and an updated version of runc, version…