[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Stretch AMI on AWS Marketplace + Meltdown

Hi everyone,

I am trying to publish a new AMI at the AWS Marketplace [1]. My AMI is
based on the Debian Stretch ami-628ad918 [2], which includes kernel
updates for DSA 4078, addressing the Meltdown attack.

However, the AWS scan tool rejects the AMI due to the following issue:

(quote) "Vulnerabilities detected - The following vulnerabilities were
detected and must be addressed: CVE-2017-5754 [3]."

The AMI I submitted has all available Debian updates installed and
reading the description of CVE-2017-5754, this is clearly the Meltdown

Have I missed anything? Why does the AWS scan tool stumble across this
vulnerability and what can I do to address this issue?


[1] https://aws.amazon.com/marketplace/
[2] https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5754

Reply to: