Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Linux Security advisories for AL2023

Although we work hard to make Amazon Linux secure, at times there will be security issues that require fixing. An advisory is issued when a fix is available. The primary location where we publish advisories is the Amazon Linux Security Center (ALAS). For more information, see Amazon Linux Security Center.

Information on issues and the relevant updates that affect AL2023 are published by the Amazon Linux team in several locations. It's common for security tooling to fetch information from these primary sources and present the results to you. As such, you might not directly interact with the primary sources that Amazon Linux publishes, but instead the interface provided by your preferred tooling, such as Amazon Inspector.

Amazon Linux Security Center announcements

Amazon Linux announcements are provided for items that do not fit into an advisory. This section contains announcements about ALAS itself, along with information that does not fit in an advisory. For more information, see Amazon Linux Security Center (ALAS) Announcements.

For example, the 2021-001 - Amazon Linux Hotpatch Announcement for Apache Log4j fit into an announcement rather than an advisory. In this announcement, Amazon Linux added a package to help customers mitigate a security issue in software that was not part of Amazon Linux.

The Amazon Linux Security Center CVE Explorer was also announced on ALAS announcements. For more information, see New website for CVEs.

Amazon Linux Security Center Frequently Asked Questions

For answers to some frequently asked questions about ALAS and how Amazon Linux evaluates CVEs, see Amazon Linux Security Center (ALAS) Frequently Asked Questions (FAQs).