ALAS-2016-666


Amazon Linux 1 Security Advisory: ALAS-2016-666
Advisory Release Date: 2016-03-10 16:30 Pacific
Advisory Updated Date: 2016-03-10 16:30 Pacific
Severity: Medium

Issue Overview:

An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system.


Affected Packages:

sos


Issue Correction:
Run yum update sos to update your system.

New Packages:
noarch:
    sos-3.2-28.17.amzn1.noarch

src:
    sos-3.2-28.17.amzn1.src