Amazon Linux 1 Security Advisory: ALAS-2013-250
Advisory Release Date: 2013-12-02 20:28 Pacific
Advisory Updated Date: 2014-09-16 21:55 Pacific
Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)
Affected Packages:
augeas
Issue Correction:
Run yum update augeas to update your system.
i686:
augeas-libs-1.0.0-5.5.amzn1.i686
augeas-debuginfo-1.0.0-5.5.amzn1.i686
augeas-1.0.0-5.5.amzn1.i686
augeas-devel-1.0.0-5.5.amzn1.i686
src:
augeas-1.0.0-5.5.amzn1.src
x86_64:
augeas-devel-1.0.0-5.5.amzn1.x86_64
augeas-1.0.0-5.5.amzn1.x86_64
augeas-debuginfo-1.0.0-5.5.amzn1.x86_64
augeas-libs-1.0.0-5.5.amzn1.x86_64
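
An added example, not part of the original advisory: a Python check that reads `rpm -qa`-style package names and reports augeas packages older than the fixed build 1.0.0-5.5.amzn1 listed above. It uses a simplified form of rpm's version comparison (no `~` or `^` handling, epoch assumed absent); the function names and the SAMPLE list are constructed for illustration.

```python
import re

# Fixed build from the advisory's package list; epoch assumed absent (none shown).
FIXED = ("1.0.0", "5.5.amzn1")
AFFECTED = {"augeas", "augeas-libs", "augeas-devel", "augeas-debuginfo"}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm version compare: -1, 0 or 1 (no '~' or '^' handling)."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):             # more digits means a larger number
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def split_nvra(nvra):
    """'name-version-release.arch' -> (name, version, release, arch) or None."""
    rest, dot, arch = nvra.strip().rpartition(".")
    parts = rest.rsplit("-", 2)
    return (*parts, arch) if dot and len(parts) == 3 else None

def unpatched(lines):
    """Return the augeas packages in `lines` that are older than the fixed build."""
    found = []
    for line in lines:
        parsed = split_nvra(line)
        if parsed is None or parsed[0] not in AFFECTED:
            continue
        order = rpmvercmp(parsed[1], FIXED[0]) or rpmvercmp(parsed[2], FIXED[1])
        if order < 0:
            found.append(line.strip())
    return found

# Constructed sample of `rpm -qa` output, not taken from a real host.
SAMPLE = [
    "augeas-libs-0.9.0-3.1.amzn1.x86_64",
    "augeas-1.0.0-5.5.amzn1.x86_64",
    "augeas-devel-1.0.0-5.4.amzn1.i686",
    "bash-4.1.2-15.19.amzn1.x86_64",
]

if __name__ == "__main__":
    print("\n".join("needs update: " + p for p in unpatched(SAMPLE)))
```

On a real host, feed it the lines printed by `rpm -qa` instead of SAMPLE.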