Amazon Linux 1 Security Advisory: ALAS-2017-861
Advisory Release Date: 2017-07-25 18:33 Pacific
Advisory Updated Date: 2017-08-04 03:33 Pacific
A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory (CVE-2017-9450 )
Affected Packages:
aws-cfn-bootstrap
Issue Correction:
Run yum update aws-cfn-bootstrap to update your system.
noarch:
aws-cfn-bootstrap-1.4-19.10.amzn1.noarch
src:
aws-cfn-bootstrap-1.4-19.10.amzn1.src