Re: Debian Stretch AMI on AWS Marketplace + Meltdown

[Michael Schams <debian.1517715179@2018.schams.net>]

On Sun, 2018-02-04 at 12:28 -0800, Noah Meyerhans wrote:

> On Sun, Feb 04, 2018 at 02:55:52PM +1100, Michael Schams wrote:
> > However, the AWS scan tool rejects the AMI due to the following
> > issue:
> > 
> > (quote) "Vulnerabilities detected - The following vulnerabilities
> > were detected and must be addressed: CVE-2017-5754 [3]."
> 
> Unfortunately, only the AWS marketplace people know what their scan
> is looking for here. You'll probably need to reach out to them for
> help.

Yeah, well... I contacted them a few days ago. No response yet.
I thought I could try to sort this out another way :-)

> Interesting that they're detecting problems here but they didn't have
> any issues with the original AMI. It's probably just that they hadn't
> yet implemented Meltdown checks when I registered mine.

That would explain it. My first failed scan attempt was on 30 or 31
January 2018. AMI ami-628ad918 was released on 06 January and made it
into the Marketplace a few days after.

Thanks for your feedback. Let's keep your fingers crossed that I hear
from the Marketplace team soon.


Cheers
Michael