ALAS-2013-250


Amazon Linux AMI Security Advisory: ALAS-2013-250
Advisory Release Date: 2014-09-16 21:55 Pacific
Severity: Low

Issue Overview:

Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787 )


Affected Packages:

augeas


Issue Correction:
Run yum update augeas to update your system.

New Packages:
i686:
    augeas-libs-1.0.0-5.5.amzn1.i686
    augeas-debuginfo-1.0.0-5.5.amzn1.i686
    augeas-1.0.0-5.5.amzn1.i686
    augeas-devel-1.0.0-5.5.amzn1.i686

src:
    augeas-1.0.0-5.5.amzn1.src

x86_64:
    augeas-devel-1.0.0-5.5.amzn1.x86_64
    augeas-1.0.0-5.5.amzn1.x86_64
    augeas-debuginfo-1.0.0-5.5.amzn1.x86_64
    augeas-libs-1.0.0-5.5.amzn1.x86_64