AWS systems-manager documentation change
Summary
Added documentation about transitive dependency handling differences and expanded support for RHEL 10
Security assessment
The changes explain security-adjacent behaviors (transitive dependency version selection differences between Patch Manager and native package managers) and document supported severity levels. While related to security patch management, there's no evidence of addressing a specific vulnerability.
Diff
diff --git a/systems-manager/latest/userguide/patch-manager-installing-patches.md b/systems-manager/latest/userguide/patch-manager-installing-patches.md index 0e0061c96..d4adbfa90 100644 --- a//systems-manager/latest/userguide/patch-manager-installing-patches.md +++ b//systems-manager/latest/userguide/patch-manager-installing-patches.md @@ -70 +70,9 @@ New packages that replace now-obsolete packages with different names are install -###### Note +###### Additional patching details for Amazon Linux 2022 and Amazon Linux 2023 + +Support for severity level 'None' + + +Amazon Linux 2022 and Amazon Linux 2023 also support the patch severity level `None`, which is recognized by the DNF package manager. + +Support for severity level 'Medium' + @@ -76 +84,6 @@ When you query for compliance data using the API action [DescribeInstancePatches -Amazon Linux 2022 and Amazon Linux 2023 also support the patch severity level `None`, which is recognized by the DNF package manager. +Transitive dependency handling for Amazon Linux 2022 and Amazon Linux 2023 + + +For Amazon Linux 2022 and Amazon Linux 2023, Patch Manager might install different versions of transitive dependencies than the equivalent `dnf` commands install. Transitive dependencies are packages that are automatically installed to satisfy the requirements of other packages (dependencies of dependencies). + +For example, `dnf upgrade-minimal --security` installs the _minimal_ versions of transitive dependencies needed to resolve known security issues, while Patch Manager installs the __latest available versions of the same transitive dependencies. @@ -107,0 +121,6 @@ If nonsecurity updates are included, patches from other repositories are conside +###### Note + +For CentOS, Patch Manager might install different versions of transitive dependencies than the equivalent `dnf` commands install. Transitive dependencies are packages that are automatically installed to satisfy the requirements of other packages (dependencies of dependencies). + +For example, `dnf upgrade-minimal --security` installs the _minimal_ versions of transitive dependencies needed to resolve known security issues, while Patch Manager installs the _latest available versions_ of the same transitive dependencies. + @@ -251,0 +271,6 @@ The equivalent yum command for this workflow is: +###### Note + +For Oracle Linux, Patch Manager might install different versions of transitive dependencies than the equivalent `dnf` commands install. Transitive dependencies are packages that are automatically installed to satisfy the requirements of other packages (dependencies of dependencies). + +For example, `dnf upgrade-minimal --security` installs the _minimal_ versions of transitive dependencies needed to resolve known security issues, while Patch Manager installs the _latest available versions_ of the same transitive dependencies. + @@ -290 +315 @@ If nonsecurity updates are included, patches from other repositories are conside - 7. The YUM update API (on RHEL 7) or the DNF update API (on AlmaLinux 8 and 9, RHEL 8 and 9, and Rocky Linux 8 and 9) is applied to approved patches according to the following rules: + 7. The YUM update API (on RHEL 7) or the DNF update API (on AlmaLinux 8 and 9, RHEL 8, 9, and 10, and Rocky Linux 8 and 9) is applied to approved patches according to the following rules: @@ -310,0 +336,6 @@ For AlmaLinux, RHEL 8, and Rocky Linux , the equivalent dnf commands for this wo +###### Note + +For AlmaLinux, RHEL, and Rocky LinuxRocky Linux, Patch Manager might install different versions of transitive dependencies than the equivalent `dnf` commands install. Transitive dependencies are packages that are automatically installed to satisfy the requirements of other packages (dependencies of dependencies). + +For example, `dnf upgrade-minimal --security` installs the _minimal_ versions of transitive dependencies needed to resolve known security issues, while Patch Manager installs the _latest available versions_ of the same transitive dependencies. + @@ -407 +438,9 @@ For each version of Ubuntu Server, patch candidate versions are limited to patch - * Ubuntu Server 23.04: `lunar-lobster` + * Ubuntu Server 23.04 (`lunar-security`) + + * Ubuntu Server 23.10 (`mantic-security`) + + * Ubuntu Server 24.04 LTS (`noble-security`) + + * Ubuntu Server 24.10 (`oracular-security`) + + * Ubuntu Server 25.04 (`plucky-security`)