ALAS2-2018-1076


Amazon Linux 2 Security Advisory: ALAS-2018-1076
Advisory Release Date: 2018-09-15 03:54 Pacific
Severity: Low
References: CVE-2018-1063 

Issue Overview:

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing).(CVE-2018-1063 )


Affected Packages:

policycoreutils


Issue Correction:
Run yum update policycoreutils to update your system.

New Packages:
i686:
    policycoreutils-2.5-22.amzn2.i686
    policycoreutils-debuginfo-2.5-22.amzn2.i686
    policycoreutils-python-2.5-22.amzn2.i686
    policycoreutils-devel-2.5-22.amzn2.i686
    policycoreutils-sandbox-2.5-22.amzn2.i686
    policycoreutils-newrole-2.5-22.amzn2.i686
    policycoreutils-gui-2.5-22.amzn2.i686
    policycoreutils-restorecond-2.5-22.amzn2.i686

src:
    policycoreutils-2.5-22.amzn2.src

x86_64:
    policycoreutils-2.5-22.amzn2.x86_64
    policycoreutils-debuginfo-2.5-22.amzn2.x86_64
    policycoreutils-python-2.5-22.amzn2.x86_64
    policycoreutils-devel-2.5-22.amzn2.x86_64
    policycoreutils-sandbox-2.5-22.amzn2.x86_64
    policycoreutils-newrole-2.5-22.amzn2.x86_64
    policycoreutils-gui-2.5-22.amzn2.x86_64
    policycoreutils-restorecond-2.5-22.amzn2.x86_64