ALAS-2013-256


Amazon Linux AMI Security Advisory: ALAS-2013-256
Advisory Release Date: 2014-09-16 22:06 Pacific
Severity: Medium

Issue Overview:

A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack.

It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications.


Affected Packages:

openmpi


Issue Correction:
Run yum update openmpi to update your system.

New Packages:
i686:
    openmpi-debuginfo-1.5.4-2.24.amzn1.i686
    openmpi-devel-1.5.4-2.24.amzn1.i686
    openmpi-1.5.4-2.24.amzn1.i686

src:
    openmpi-1.5.4-2.24.amzn1.src

x86_64:
    openmpi-debuginfo-1.5.4-2.24.amzn1.x86_64
    openmpi-1.5.4-2.24.amzn1.x86_64
    openmpi-devel-1.5.4-2.24.amzn1.x86_64