ALAS-2017-861


Amazon Linux AMI Security Advisory: ALAS-2017-861
Advisory Release Date: 2017-08-04 03:33 Pacific
Severity: Important
References: CVE-2017-9450 

Issue Overview:

A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory (CVE-2017-9450 )


Affected Packages:

aws-cfn-bootstrap


Issue Correction:
Run yum update aws-cfn-bootstrap to update your system.

New Packages:
noarch:
    aws-cfn-bootstrap-1.4-19.10.amzn1.noarch

src:
    aws-cfn-bootstrap-1.4-19.10.amzn1.src