ALAS-2015-626

Amazon Linux 1 Security Advisory: ALAS-2015-626
Advisory Release Date: 2015-12-14 10:00 Pacific
Advisory Updated Date: 2015-12-13 14:25 Pacific

Severity: Medium

References: CVE-2014-8169
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system.

Affected Packages:

autofs

Issue Correction:
Run yum update autofs to update your system.

New Packages:

i686:
    autofs-5.0.7-54.22.amzn1.i686
    autofs-debuginfo-5.0.7-54.22.amzn1.i686

src:
    autofs-5.0.7-54.22.amzn1.src

x86_64:
    autofs-5.0.7-54.22.amzn1.x86_64
    autofs-debuginfo-5.0.7-54.22.amzn1.x86_64

Additional References

Red Hat: CVE-2014-8169

Mitre: CVE-2014-8169