ALAS-2014-409

Amazon Linux 1 Security Advisory: ALAS-2014-409
Advisory Release Date: 2014-09-17 21:46 Pacific
Advisory Updated Date: 2014-09-19 12:08 Pacific

Severity: Medium

References: CVE-2014-0039
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.

Affected Packages:

fwsnort

Issue Correction:
Run yum update fwsnort to update your system.

New Packages:

noarch:
    fwsnort-1.6.4-1.5.amzn1.noarch

src:
    fwsnort-1.6.4-1.5.amzn1.src

Additional References

Red Hat: CVE-2014-0039

Mitre: CVE-2014-0039