Amazon Linux 2 Security Advisory: ALAS-2018-1030
Advisory Release Date: 2018-06-07 23:25 Pacific
Advisory Updated Date: 2018-06-11 22:03 Pacific
It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop, etc.) on first login. This could lead to users' files being inadvertently exposed to other local users. (CVE-2017-15131)
Affected Packages:
xdg-user-dirs
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update xdg-user-dirs to update your system.
src:
xdg-user-dirs-0.15-5.amzn2.src
x86_64:
xdg-user-dirs-0.15-5.amzn2.x86_64
xdg-user-dirs-debuginfo-0.15-5.amzn2.x86_64
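
To check XDG user directories that already exist against the umask policy described above, the following added example (not part of the advisory or of the xdg-user-dirs package) lists each directory whose mode grants permission bits that the given umask would have removed. It assumes GNU stat, the default English directory names when ~/.config/user-dirs.dirs is absent, and the hypothetical function names xdg_dir_list and audit_xdg_dirs.

```shell
#!/bin/sh
# Added example: flag XDG user directories whose mode grants permission bits
# that the intended umask would have removed at creation time.

# Default English names; used only when user-dirs.dirs is absent (assumption).
XDG_DEFAULT_DIRS="Desktop Documents Downloads Music Pictures Public Templates Videos"

# xdg_dir_list HOME: print one XDG directory path per line.
xdg_dir_list() {
    home=$1
    conf="$home/.config/user-dirs.dirs"
    if [ -r "$conf" ]; then
        # Entries look like: XDG_DESKTOP_DIR="$HOME/Desktop"
        while IFS= read -r line; do
            case $line in
                XDG_*_DIR=\"*\")
                    p=${line#*=\"}; p=${p%\"}
                    case $p in '$HOME'/*) p=$home/${p#'$HOME/'} ;; esac
                    printf '%s\n' "$p" ;;
            esac
        done < "$conf"
    else
        for d in $XDG_DEFAULT_DIRS; do printf '%s\n' "$home/$d"; done
    fi
}

# audit_xdg_dirs HOME [UMASK]: print "MODE PATH" for each existing directory
# whose mode overlaps UMASK (default: the caller's umask); return 1 if any.
audit_xdg_dirs() {
    mask=${2:-$(umask)}
    found=0
    list=$(xdg_dir_list "$1")
    while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        mode=$(stat -L -c %a "$dir")    # GNU stat, octal mode such as 755
        if [ $(( 0$mode & 0$mask & 0777 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$dir"
            found=1
        fi
    done <<EOF
$list
EOF
    return $found
}

# Stand-alone use: sh audit.sh /home/alice 077
if [ $# -ge 1 ]; then audit_xdg_dirs "$@"; fi
```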