Amazon Linux 2 Security Advisory: ALAS-2019-1190
Advisory Release Date: 2019-04-04 19:03 Pacific
Advisory Updated Date: 2019-04-17 17:00 Pacific
Severity:
Important
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
Images built for the Amazon Linux 2.0.20190313 release included system files with incorrect permissions applied.
Incorrect permissions were applied to the following file:
/etc/shadow
All users should upgrade to this updated package which corrects permissions for these files if they are not already in the expected state.
Affected Packages:
filesystem
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update filesystem to update your system.
New Packages:
aarch64:
filesystem-3.2-25.amzn2.0.4.aarch64
filesystem-content-3.2-25.amzn2.0.4.aarch64
i686:
filesystem-3.2-25.amzn2.0.4.i686
filesystem-content-3.2-25.amzn2.0.4.i686
src:
filesystem-3.2-25.amzn2.0.4.src
x86_64:
filesystem-3.2-25.amzn2.0.4.x86_64
filesystem-content-3.2-25.amzn2.0.4.x86_64