Amazon Linux Security advisories for AL2023
Although we work hard to make Amazon Linux secure, at times there will be security issues that
require fixing. An advisory is issued when a fix is available.
The primary location where we publish advisories is the Amazon Linux Security Center (ALAS). For more information, see Amazon Linux Security Center
Important
If you want to report a vulnerability or have a security concern
regarding Amazon cloud services or open source projects, contact
Amazon Security using the
Vulnerability Reporting page
Information on issues and the relevant updates that affect AL2023 are published by the Amazon Linux team in several locations. It's common for security tooling to fetch information from these primary sources and present the results to you. As such, you might not directly interact with the primary sources that Amazon Linux publishes, but instead the interface provided by your preferred tooling, such as Amazon Inspector.
Amazon Linux Security Center announcements
Amazon Linux announcements are provided for items that do not fit into an advisory.
This section contains announcements about ALAS itself, along with information that does not fit in an advisory. For more information, see Amazon Linux Security Center (ALAS) Announcements
For example, the 2021-001 - Amazon Linux Hotpatch Announcement for Apache Log4j
The Amazon Linux Security Center CVE Explorer
Amazon Linux Security Center Frequently Asked Questions
For answers to some frequently asked questions about ALAS and how Amazon Linux evaluates CVEs, see Amazon Linux Security Center (ALAS) Frequently Asked Questions (FAQs)