Amazon Linux 2 Security Advisory: ALASNITRO-ENCLAVES-2021-008
Advisory Release Date: 2021-10-19 20:32 Pacific
Advisory Updated Date: 2021-11-18 21:38 Pacific
The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability. (CVE-2021-30465)
Run yum update runc to update your system.