Amazon Linux 2 Security Advisory: ALAS-2018-1096
Advisory Release Date: 2018-10-25 23:04 Pacific
It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface.(CVE-2018-6560 )
Run yum update flatpak to update your system.