ALAS2-2019-1175


Amazon Linux 2 Security Advisory: ALAS-2019-1175
Advisory Release Date: 2019-03-14 19:38 Pacific
Severity: Important
References:

Issue Overview:

Images built for the Amazon Linux 2.0.20190218 release included system files with incorrect permissions applied.

Incorrect permissions were applied to files including:
/etc/fstab
/etc/localtime
/etc/image-id
/etc/sysconfig/i18n
/etc/sysconfig/clock
/etc/sysconfig/keyboard
/etc/sysctl.d/99-amazon.conf
/var/lib/rpm/Packages

All users should upgrade to this updated package which corrects permissions for these files if they are not already in the expected state. The latest Amazon Linux 2 AMIs, on-premises VM images, and Docker Hub listings already include these updates.


Affected Packages:

filesystem


Issue Correction:
Run yum update filesystem to update your system.

New Packages:
aarch64:
    filesystem-3.2-25.amzn2.0.1.aarch64
    filesystem-content-3.2-25.amzn2.0.1.aarch64

i686:
    filesystem-3.2-25.amzn2.0.1.i686
    filesystem-content-3.2-25.amzn2.0.1.i686

src:
    filesystem-3.2-25.amzn2.0.1.src

x86_64:
    filesystem-3.2-25.amzn2.0.1.x86_64
    filesystem-content-3.2-25.amzn2.0.1.x86_64