According to the CI, our base Amazon image has security issues: https://github.com/rust-serverless/lambda-rust/runs/4399791210?check_suite_focus=true
+--------------------+------------------+----------+-------------------+--------------------+
| LIBRARY            | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION      |
+--------------------+------------------+----------+-------------------+--------------------+
| nspr               | CVE-2021-43527   | CRITICAL | 4.25.0-2.amzn2    | 4.32.0-1.amzn2     |
| nss                | CVE-2021-43527   | CRITICAL | 3.53.1-7.amzn2    | 3.67.0-4.amzn2.0.1 |
| nss-softokn        | CVE-2021-43527   | CRITICAL | 3.53.1-6.amzn2    | 3.67.0-3.amzn2     |
| nss-softokn-freebl | CVE-2021-43527   | CRITICAL | 3.53.1-6.amzn2    | 3.67.0-3.amzn2     |
| nss-sysinit        | CVE-2021-43527   | CRITICAL | 3.53.1-7.amzn2    | 3.67.0-4.amzn2.0.1 |
| nss-tools          | CVE-2021-43527   | CRITICAL | 3.53.1-7.amzn2    | 3.67.0-4.amzn2.0.1 |
| nss-util           | CVE-2021-43527   | CRITICAL | 3.53.1-1.amzn2    | 3.67.0-1.amzn2     |
+--------------------+------------------+----------+-------------------+--------------------+
TITLE (all rows): nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) -->avd.aquasec.com/nvd/cve-2021-43527
We need to fix it somehow. Maybe we just need to wait for the fix from the AWS side and possibly bump our base image version. Also, we can somehow highlight the issue to the AWS-related people.