Amazon Linux AMI Security Advisory: ALAS-2013-256
Advisory Release Date: 2014-09-16 22:06 Pacific
A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack.
It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications.
Run yum update openmpi to update your system.