Amazon Linux AMI Security Advisory: ALAS-2015-572
Advisory Release Date: 2015-07-23 10:50 Pacific
Advisory Updated Date: 2015-07-27 17:12 Pacific
It was found that libuser, as used in the chfn userhelper functionality, does not properly filter out newline characters, which allows an authenticated local attacker to corrupt the /etc/passwd file and cause a denial of service against the system. (CVE-2015-3245)
A flaw was found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root. (CVE-2015-3246)
Run yum update usermode libuser to update your system.
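To check whether a passwd file already contains records broken in the way described above, the following added example (not part of the original advisory and not libuser code) audits the file's structure and shows the kind of field validation whose absence the advisory describes. The function names, the user-name pattern and the sample data are assumptions made for illustration; the sample is constructed.

```python
import re
import sys

# Constructed sample, not from a real system: lines 3 and 4 are one record
# that was split in two by a newline written into its GECOS field.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice Example:/home/alice:/bin/bash\n"
    "bob:x:1001:1001:Bob\n"
    "Example:/home/bob:/bin/bash\n"
    "daemon:x:2:2:daemon:/sbin:/sbin/nologin\n"
)
# Assumed conservative user-name pattern; local policy may differ.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*\$?")

def gecos_is_safe(value):
    """True if value cannot break the colon-separated, one-record-per-line format."""
    return ":" not in value and value.isprintable()  # isprintable() rejects \n, \r

def audit_passwd(text):
    """Return (line_number, problem) tuples for records that look corrupted."""
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # drop the empty piece after the final newline
    findings, seen = [], set()
    for no, line in enumerate(lines, start=1):
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((no, "expected 7 fields, found %d" % len(fields)))
            continue
        name, _pw, uid, gid, gecos, _home, _shell = fields
        if not NAME_RE.fullmatch(name):
            findings.append((no, "invalid user name"))
        if not (re.fullmatch(r"[0-9]+", uid) and re.fullmatch(r"[0-9]+", gid)):
            findings.append((no, "non-numeric UID or GID"))
        elif int(uid) == 0 and name != "root":
            findings.append((no, "UID 0 account other than root"))
        if name in seen:
            findings.append((no, "duplicate user name"))
        seen.add(name)
        if not gecos_is_safe(gecos):
            findings.append((no, "control character in GECOS"))
    return findings

if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PASSWD
    for no, problem in audit_passwd(data):
        print("line %d: %s" % (no, problem))
```

Systems that use NIS compat entries (lines beginning with + or -) will see those reported as malformed and should filter them before auditing.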