This does not seem helpful. For example every Lambda image (at the time of this writing ex: NodeJS v16) seems to have a version of glibc v2.2.6 released on 2017-08-02. We need a way to update glibc now? Answer from MetaSkills on repost.aws
Discussions

Amazon Linux 2 support dropped due to glibc >= 2.28 requirement
Amazon Linux 2 has a maximum glibc version of 2.26. There's no intention to update this and instead Amazon are pushing Amazon Linux 2023 which recently went generally available. Recent Oso vers... More on github.com
🌐 github.com
1
April 4, 2023
Workaround for machines that do not have `glibc` >= 2.28
It will make all Amazon Linux 2 (AL2) EC2 machines unable to use VS Code, while also affecting enterprise users who may use customized or parallel versions of the glibc library for their own development needs. More on github.com
🌐 github.com
38
January 24, 2024
Install instructions did not work on Amazon Linux
It seems NVM requires glibc 2.27 or 2.28. Amazon Linux only supports glibc 2.26 at the moment: https://repost.aws/questions/QUrXOioL46RcCnFGyELJWKLw/glibc-2-27-on-amazon-linux-2 More on github.com
🌐 github.com
1
November 21, 2022
How to upgrade glibc on Amazon Linux 2 AMI
I am trying to run a Python Docker image that is using glibc 2.28 and is running into conflicts since the 2.26 version is being used in the instance. This is weird. You should be packaging glibc at the version you need it in the container image, and there's no reason for it to use the host's. More on reddit.com
🌐 r/aws
1
5
March 1, 2022
🌐
Reddit
reddit.com › r/aws › how to upgrade glibc on amazon linux 2 ami
r/aws on Reddit: How to upgrade glibc on Amazon Linux 2 AMI
March 1, 2022 -

On EC2 instances using Amazon Linux 2, an outdated version of glibc is used: glibc 2.26. That is backed up by the FAQ for Amazon Linux 2. FAQ for Amazon Linux 2.

A set of core packages including systemd, GCC 7.3, Glibc 2.26, Binutils 2.29.1 that receive Long Term Support (LTS) from AWS.

Is there any way to upgrade to a newer version of Glibc, like 2.28? For background, I am trying to run a Python Docker image that is using glibc 2.28 and is running into conflicts since the 2.26 version is being used in the instance.

🌐
Installati.one
installati.one › home › amazonlinux › 2nd › how to install glibc.x86_64 on amazon linux 2
How To Install glibc.x86_64 on Amazon Linux 2 | Installati.one
May 20, 2022 - In this tutorial we learn how to install glibc.x86_64 in Amazon Linux 2. glibc.x86_64 is The GNU libc libraries
🌐
Amazon Web Services
aws.amazon.com › compute › amazon linux 2 › faqs
Amazon Linux 2 FAQs
2 weeks ago - Amazon Linux 2 is suited for a wide variety of virtualized and containerized workloads such as databases, data analytics, line-of-business applications, web and desktop applications, and more in production contexts. It is also available for use on · EC2 Bare Metal Instances as both a bare metal OS and a virtualization host. ... A Linux kernel tuned for performance on Amazon EC2. A set of core packages including systemd, GCC 7.3, Glibc ...
🌐
Tenable
tenable.com › plugins › nessus › 171823
Amazon Linux 2 : glibc (ALAS-2023-1944)<!-- --> | Tenable®
February 17, 2023 - The remote Amazon Linux 2 host is missing a security update. The version of glibc installed on the remote host is prior to 2.26-37. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1944 advisory. A vulnerability was discovered in glibc where the ...
🌐
GitHub
github.com › osohq › oso › issues › 1694
Amazon Linux 2 support dropped due to glibc >= 2.28 requirement · Issue #1694 · osohq/oso
April 4, 2023 - Amazon Linux 2 has a maximum glibc version of 2.26. There's no intention to update this and instead Amazon are pushing Amazon Linux 2023 which recently went generally available. Recent Oso versions require glibc >= 2.28: LoadError: Could...
Author   osohq
Find elsewhere
🌐
GitHub
github.com › microsoft › vscode › issues › 203375
Workaround for machines that do not have `glibc` >= 2.28 · Issue #203375 · microsoft/vscode
January 24, 2024 - It will make all Amazon Linux 2 (AL2) EC2 machines unable to use VS Code, while also affecting enterprise users who may use customized or parallel versions of the glibc library for their own development needs.
Author   microsoft
Top answer
1 of 5
5

The answer at:
Node.js 18 is compiled for glibc 2.28
is certainly correct although highly unsatisfying.

You cannot run the binary on your system because it relies on a version of glibc which is not available on your system.

$ docker run -it amazoncorretto:11 bash
bash-4.2# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
bash-4.2# rpm -q --provides glibc|grep -i libc.so
libc.so.6()(64bit)
libc.so.6(GLIBC_2.10)(64bit)
libc.so.6(GLIBC_2.11)(64bit)
libc.so.6(GLIBC_2.12)(64bit)
libc.so.6(GLIBC_2.13)(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.15)(64bit)
libc.so.6(GLIBC_2.16)(64bit)
libc.so.6(GLIBC_2.17)(64bit)
libc.so.6(GLIBC_2.18)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.2.6)(64bit)
libc.so.6(GLIBC_2.22)(64bit)
libc.so.6(GLIBC_2.23)(64bit)
libc.so.6(GLIBC_2.24)(64bit)
libc.so.6(GLIBC_2.25)(64bit)
libc.so.6(GLIBC_2.26)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libc.so.6(GLIBC_2.3.2)(64bit)
libc.so.6(GLIBC_2.3.3)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libc.so.6(GLIBC_2.5)(64bit)
libc.so.6(GLIBC_2.6)(64bit)
libc.so.6(GLIBC_2.7)(64bit)
libc.so.6(GLIBC_2.8)(64bit)
libc.so.6(GLIBC_2.9)(64bit)

It supports only up to GLIBC_2.26.

Also amazoncorretto:latest only supports up to glibc 2.26:

$ docker run -it amazoncorretto bash
bash-4.2# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
bash-4.2# rpm -q --provides glibc|grep -i libc.so
libc.so.6()(64bit)
libc.so.6(GLIBC_2.10)(64bit)
libc.so.6(GLIBC_2.11)(64bit)
libc.so.6(GLIBC_2.12)(64bit)
libc.so.6(GLIBC_2.13)(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.15)(64bit)
libc.so.6(GLIBC_2.16)(64bit)
libc.so.6(GLIBC_2.17)(64bit)
libc.so.6(GLIBC_2.18)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.2.6)(64bit)
libc.so.6(GLIBC_2.22)(64bit)
libc.so.6(GLIBC_2.23)(64bit)
libc.so.6(GLIBC_2.24)(64bit)
libc.so.6(GLIBC_2.25)(64bit)
libc.so.6(GLIBC_2.26)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libc.so.6(GLIBC_2.3.2)(64bit)
libc.so.6(GLIBC_2.3.3)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libc.so.6(GLIBC_2.5)(64bit)
libc.so.6(GLIBC_2.6)(64bit)
libc.so.6(GLIBC_2.7)(64bit)
libc.so.6(GLIBC_2.8)(64bit)
libc.so.6(GLIBC_2.9)(64bit)

You cannot update your glibc library because it is part of the Linux Kernel. It will be upgraded when you migrate to a newer Operating System Version.

The way to get it running on your system would be to rebuild it from the Source Code for your system and ideally package it for easily reproducible installation.

You might setup a docker image from amazoncorretto Base Image with the Packaging Environment set up.

An Package build on the Packaging Docker Host will be installable on all amazoncorretto:11 Systems.

Useful will be the pre-built .spec file which can be found at:
NodeJS .spec file
Then you only need to build your rpmbuild environment to create your installable NodeJS .rpm package.

AWS NodeJS Lambda Runner:

@Rich mentioned the public.ecr.aws/lambda/nodejs:18 AWS Lambda Runner image.
This is an image which is designed to run NodeJS tasks with the CMD dockerfile instruction at startup.
This actually might be fine for some single shot task (what it is designed for) or to startup directly a ExpressJS web app.
A downside is that you cannot independently update the NodeJS engine without upgrading the whole base image because the NodeJS engine is not installed as a system package.


$ docker run -it public.ecr.aws/lambda/nodejs:18 
19 Jun 2023 09:53:51,148 [INFO] (rapid) exec '/var/runtime/bootstrap' (cwd=/var/task, handler=)


^C19 Jun 2023 09:54:26,776 [INFO] (rapid) Received signal signal=interrupt
19 Jun 2023 09:54:26,776 [INFO] (rapid) Shutting down...
19 Jun 2023 09:54:26,776 [WARNING] (rapid) Reset initiated: SandboxTerminated
19 Jun 2023 09:54:26,776 [INFO] (rapid) Stopping runtime domain
19 Jun 2023 09:54:26,776 [INFO] (rapid) Waiting for runtime domain processes termination
19 Jun 2023 09:54:26,776 [INFO] (rapid) Stopping operator domain
19 Jun 2023 09:54:26,776 [INFO] (rapid) Starting runtime domain
$ docker run --entrypoint bash -it public.ecr.aws/lambda/nodejs:18
bash-4.2# rpm -qa|grep -i node|wc -l
0
bash-4.2# node --version
v18.16.0
bash-4.2# npm --version
9.5.1
bash-4.2# cat /lambda-entrypoint.sh
#!/bin/sh
# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.

if [ $# -ne 1 ]; then
  echo "entrypoint requires the handler name to be the first argument" 1>&2
  exit 142
fi
export _HANDLER="$1"

RUNTIME_ENTRYPOINT=/var/runtime/bootstrap
if [ -z "${AWS_LAMBDA_RUNTIME_API}" ]; then
  exec /usr/local/bin/aws-lambda-rie $RUNTIME_ENTRYPOINT
else
  exec $RUNTIME_ENTRYPOINT
fi
bash-4.2# ls -lah /usr/local/bin/aws-lambda-rie
-rwxr-xr-x 1 root root 5.6M Jun 12 13:21 /usr/local/bin/aws-lambda-rie
bash-4.2# ls -lah /etc/yum.repos.d
total 12K
drwxr-xr-x 2 root root 4.0K Jun 23  2022 .
drwxr-xr-x 1 root root 4.0K Jun 19 09:57 ..
-rw-r--r-- 1 root root 1003 Oct 26  2021 amzn2-core.repo
2 of 5
4

Building up on the answer by Bodo Hugo Barwich and the comment by Rich:

If you do not want to use the Docker image public.ecr.aws/lambda/nodejs:18 directly, you can copy node from that image to your own image via multi-stage build:

FROM public.ecr.aws/lambda/nodejs:18 as nodesource

FROM amazonlinux:2
ENV PATH="$PATH:/var/lang/bin"
COPY --from=nodesource /var/lang /var/lang

RUN npm i whatever
🌐
Tenable
tenable.com › plugins › nessus › 194858
Amazon Linux 2 : glibc (ALAS-2024-2521)<!-- --> | Tenable®
The remote Amazon Linux 2 host is missing a security update. The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2521 advisory.
🌐
GitHub
github.com › aws › firelens-datajet › issues › 23
Install instructions did not work on Amazon Linux · Issue #23 · aws/firelens-datajet
November 21, 2022 - It seems NVM requires glibc 2.27 or 2.28. Amazon Linux only supports glibc 2.26 at the moment: https://repost.aws/questions/QUrXOioL46RcCnFGyELJWKLw/glibc-2-27-on-amazon-linux-2
Author   aws
🌐
Tenable
tenable.com › plugins › nessus › 213353
Amazon Linux 2 : glibc (ALAS-2024-2718)<!-- --> | Tenable®
December 23, 2024 - The remote Amazon Linux 2 host is missing a security update. The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2718 advisory. glibc: null pointer dereferences after failed netgroup cache insertion ...
🌐
Tenable
tenable.com › plugins › nessus › 146627
Amazon Linux 2 : glibc (ALAS-2021-1605)<!-- --> | Tenable®
February 19, 2021 - The remote Amazon Linux 2 host is missing a security update. The version of glibc installed on the remote host is prior to 2.26-41. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1605 advisory.
🌐
Tenable
tenable.com › plugins › nessus › 167239
Amazon Linux 2 : glibc (ALAS-2022-1869)<!-- --> | Tenable®
November 9, 2022 - The remote Amazon Linux 2 host is missing a security update. The version of glibc installed on the remote host is prior to 2.26-62. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1869 advisory.
🌐
Tenable
tenable.com › plugins › nessus › 159564
Amazon Linux 2 : glibc (ALAS-2022-1767)<!-- --> | Tenable®
April 6, 2022 - The remote Amazon Linux 2 host is missing a security update. The version of glibc installed on the remote host is prior to 2.26-58. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1767 advisory. A stack based buffer-overflow vulnerability was found in ...
🌐
GitHub
github.com › aws › q-command-line-discussions › discussions › 195
Support Older GLibc 2.26 (Amazon Linux 2) · aws/q-command-line-discussions · Discussion #195
❯ cat /etc/system-release Amazon Linux release 2 (Karoo) ❯ cat /etc/os-release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2:-:internal" HOME_URL="https://amazonlinux.com/" VARIANT="internal" ❯ ldd --version ldd (GNU libc) 2.26 Copyright (C) 2017 Free Software Foundation, Inc.
Author   aws
🌐
Tenable
tenable.com › plugins › nessus › 150980
Amazon Linux 2 : glibc (ALAS-2021-1656)<!-- --> | Tenable®
June 23, 2021 - The remote Amazon Linux 2 host is missing a security update. The version of glibc installed on the remote host is prior to 2.26-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1656 advisory. In the GNU C Library (aka glibc or libc6) through 2.29, ...