ALAS-2017-843


Amazon Linux AMI Security Advisory: ALAS-2017-843
Advisory Release Date: 2017-06-06 22:51 Pacific
Severity: Important

Issue Overview:

A flaw was found in the way sudo parsed tty information from the process
status file in the proc filesystem. A local user with privileges to execute
commands via sudo could use this flaw to escalate their privileges to root.
(CVE-2017-1000367 )


Affected Packages:

sudo


Issue Correction:
Run yum update sudo to update your system.

New Packages:
i686:
    sudo-devel-1.8.6p3-28.25.amzn1.i686
    sudo-1.8.6p3-28.25.amzn1.i686
    sudo-debuginfo-1.8.6p3-28.25.amzn1.i686

src:
    sudo-1.8.6p3-28.25.amzn1.src

x86_64:
    sudo-1.8.6p3-28.25.amzn1.x86_64
    sudo-devel-1.8.6p3-28.25.amzn1.x86_64
    sudo-debuginfo-1.8.6p3-28.25.amzn1.x86_64