Amazon Linux 2 Security Advisory: ALAS-2018-1030
Advisory Release Date: 2018-06-11 22:03 Pacific
It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users.(CVE-2017-15131 )
Run yum update xdg-user-dirs to update your system.