When Amazon released a solution to patch the vulnerabilities in Log4j on AWS, it made adjustments that created new vulnerabilities. So there is now a patch for that too.
Log4j is a small piece of open-source software that is used in many places. In December, it was announced that a weak spot meant that many systems worldwide had to be updated quickly.
Amazon also did this for its AWS cloud environment, but other security problems have accidentally arisen. Specifically, since the Log4j patch, it is possible to get out of a container and get root access to the underlying server. For example, a hacker gains access to other containers and the apps that run on them.
The new vulnerabilities carry codes CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, and CVE-2022-0071. Amazon recommends installing them as soon as possible, given the risk. The problems were discovered by Unit 24, a division of Palo Alto Networks, which also demonstrated its operation in a video.