Amazon Linux 2 Security Advisory: ALAS-2019-1175
Advisory Release Date: 2019-03-13 22:05 Pacific
Advisory Updated Date: 2019-03-14 19:38 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
Images built for the Amazon Linux 2.0.20190218 release included system files with incorrect permissions applied.
Incorrect permissions were applied to files including:
/etc/fstab
/etc/localtime
/etc/image-id
/etc/sysconfig/i18n
/etc/sysconfig/clock
/etc/sysconfig/keyboard
/etc/sysctl.d/99-amazon.conf
/var/lib/rpm/Packages
All users should upgrade to this updated package which corrects permissions for these files if they are not already in the expected state. The latest Amazon Linux 2 AMIs, on-premises VM images, and Docker Hub listings already include these updates.
Affected Packages:
filesystem
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update filesystem to update your system.
aarch64:
filesystem-3.2-25.amzn2.0.1.aarch64
filesystem-content-3.2-25.amzn2.0.1.aarch64
i686:
filesystem-3.2-25.amzn2.0.1.i686
filesystem-content-3.2-25.amzn2.0.1.i686
src:
filesystem-3.2-25.amzn2.0.1.src
x86_64:
filesystem-3.2-25.amzn2.0.1.x86_64
filesystem-content-3.2-25.amzn2.0.1.x86_64