AMI ec2 patching


Any idea when will the new Linux AMIs be available with patches update to address latest security vulnerabilities (Spectre, Meltdown, etc…)?

WPT server can be patched using:
sudo apt upgrade -y

But the test agent that was auto provisioned by the server can’t be accessed. No key is attached to the EC2, and I am not sure what’s the ubuntu user’s password.

If you launch an instance manually you should be able to attach a key and connect to it.

That said, the agents do an apt update and dist-upgrade at boot (and daily after that) so they should always have the latest patches. The main issue is if it is a kernel update and needs a reboot for the patches to apply then it won’t have those (Spectre/Meltdown patches likely fit in that category).

I can roll updated Linux AMI’s later this week but AFAIK there shouldn’t be any urgency about it. Spectre/Meltdown shouldn’t be an issue for the guests as there isn’t anything else running inside of the container that is a concern (and the browsers are secured independently). The VM hosts the containers run in would already have been updated by Amazon so other containers won’t be an issue it would just be other software running on the same guest that could potentially access memory it isn’t supposed to on the same guest.

Thanks for the info