Amazon Linux 1 Security Advisory: ALAS-2013-256
Advisory Release Date: 2013-12-11 20:32 Pacific
Advisory Updated Date: 2014-09-16 22:06 Pacific
A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack.
It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librdmacm applications.
Affected Packages:
openmpi
Issue Correction:
Run yum update openmpi to update your system.
i686:
openmpi-debuginfo-1.5.4-2.24.amzn1.i686
openmpi-devel-1.5.4-2.24.amzn1.i686
openmpi-1.5.4-2.24.amzn1.i686
src:
openmpi-1.5.4-2.24.amzn1.src
x86_64:
openmpi-debuginfo-1.5.4-2.24.amzn1.x86_64
openmpi-1.5.4-2.24.amzn1.x86_64
openmpi-devel-1.5.4-2.24.amzn1.x86_64
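
To confirm that a host has picked up the update, the following check (an added example, not part of the original advisory) compares installed openmpi packages against the fixed version-release 1.5.4-2.24.amzn1 listed above. The function names and the sample package lines are constructed for illustration, and it assumes GNU sort and packages with no epoch.

```shell
#!/bin/sh
# Added example, not from the advisory. The fixed version-release comes from
# the package list above; epoch is assumed unset and is ignored.
FIXED_VR="1.5.4-2.24.amzn1"

# vr_of NAME-VERSION-RELEASE.ARCH -> prints VERSION-RELEASE
vr_of() {
    nvr=${1%.*}        # drop ".arch"
    rel=${nvr##*-}     # text after the last "-"
    nv=${nvr%-*}       # name-version
    printf '%s-%s\n' "${nv##*-}" "$rel"
}

# vr_ge A B -> success when A >= B. GNU "sort -V" approximates RPM's own
# comparison and is adequate for these numeric version strings.
vr_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$1" = "$2" ] || [ "$lowest" = "$2" ]
}

# Reads package names on stdin, reports each openmpi package, and returns 1
# if any of them is older than the fixed build.
audit_openmpi() {
    rc=0
    while IFS= read -r pkg; do
        case $pkg in
            openmpi-[0-9]*|openmpi-devel-[0-9]*|openmpi-debuginfo-[0-9]*) ;;
            *) continue ;;
        esac
        if vr_ge "$(vr_of "$pkg")" "$FIXED_VR"; then
            echo "OK       $pkg"
        else
            echo "OUTDATED $pkg"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input. On a live host, feed it instead with:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' 'openmpi*' | audit_openmpi
audit_openmpi <<'EOF' || echo "Run: yum update openmpi"
openmpi-1.5.4-2.23.amzn1.x86_64
openmpi-devel-1.5.4-2.24.amzn1.x86_64
bash-4.1.2-15.19.amzn1.x86_64
EOF
```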