2017/06/19 12:30 PDT
We have reviewed our services for impact by the recent Linux security issues disclosed by Qualys. With the exception of the services listed below, no customer action is required to address these issues.
Amazon Linux AMI
UPDATE (2017/06/19 3:00PM PDT): We have released new Amazon Linux AMIs that include mitigations against these issues. These AMIs are available via the EC2 console, CLI and APIs. Instances launched using the EC2 console after 2017/06/19 11AM PDT will include mitigations against this issue. Customers running older versions of the Amazon Linux AMI should follow the instructions below to update their EC2 resources. Updated AMI IDs are available here.
2017/06/19 12:30PM PDT: We have updated the Linux kernel and glibc packages within the Amazon linux repositories. Customers with existing Amazon Linux AMI instances should run the following command to ensure they receive the updated packages, after which a reboot will be required:
sudo yum update kernel glibc
We are preparing an updated version of the Amazon Linux AMI for release later today, and will update this bulletin once it is available for use. Information on the glibc and kernel patches is available in the Amazon Linux Security Center.
AWS Elastic Beanstalk
UPDATE (2017/06/27 5:00PM PDT): We have released updates for Linux-based Elastic Beanstalk platforms. If you have Managed Platform Updates enabled for your environment, it will be automatically updated to the latest platform version in your selected maintenance window and no customer action is required. You can also update immediately by going to the Managed Updates configuration page and clicking on the "Apply Now" button. Customers who have not enabled Managed Platform Updates can update their environment's platform by following instructions here.
2017/06/19 12:30PM PDT: We are preparing platform updates for AWS Elastic Beanstalk. Customers who use Linux-based platforms and have enabled managed platform updates do not need to take action. We will update this bulletin with information for customers who have not enabled managed platform updates when available.
Amazon EC2 Container Service (ECS)
We recommend that ECS customers examine their environments, and update the kernel and glibc packages on EC2 instances within an ECS cluster. If you use Amazon Linux or the Amazon ECS-optimized AMI, you can follow the directions in the "Amazon Linux AMI" section above. Otherwise, please consult with your operating system provider for information on updated packages.
UPDATE (2017/06/24 2:00PM PDT): We have completed updates to the CodeBuild infrastructure. No customer action is required.
2017/06/19 12:30PM PDT: AWS CodeBuild is currently being updated. We will update this bulletin when the updates have completed. No customer action is required.