ALAS-2015-626


Amazon Linux AMI Security Advisory: ALAS-2015-626
Advisory Release Date: 2015-12-13 14:25 Pacific
Severity: Medium
References: CVE-2014-8169 

Issue Overview:

It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system.


Affected Packages:

autofs


Issue Correction:
Run yum update autofs to update your system.

New Packages:
i686:
    autofs-5.0.7-54.22.amzn1.i686
    autofs-debuginfo-5.0.7-54.22.amzn1.i686

src:
    autofs-5.0.7-54.22.amzn1.src

x86_64:
    autofs-5.0.7-54.22.amzn1.x86_64
    autofs-debuginfo-5.0.7-54.22.amzn1.x86_64