ALAS-2017-886


Amazon Linux 1 Security Advisory: ALAS-2017-886
Advisory Release Date: 2017-08-31 17:03 Pacific
Advisory Updated Date: 2024-02-10 00:46 Pacific
Severity: Important

Issue Overview:

2024-02-10: CVE-2017-9450 was added to this advisory.

2024-02-10: CVE-PENDING was removed from this advisory.

A new optional parameter, "umask", was introduced into the cfn-hup.conf file to configure the cfn-hup daemon's umask.

The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. (CVE-2017-9450)


Affected Packages:

aws-cfn-bootstrap


Issue Correction:
Run yum update aws-cfn-bootstrap to update your system.

New Packages:
noarch:
    aws-cfn-bootstrap-1.4-21.13.amzn1.noarch

src:
    aws-cfn-bootstrap-1.4-21.13.amzn1.src
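
A host check for this advisory, added here as an example and not part of the original advisory: it compares the installed aws-cfn-bootstrap version-release with the one listed under New Packages and reports any umask set in cfn-hup.conf. The path /etc/cfn/cfn-hup.conf, the octal key=value form of the setting and the function names are assumptions, and GNU sort -V stands in for rpm's own version ordering.

```shell
#!/bin/sh
# Added example: host check for ALAS-2017-886 (not from the advisory itself).
FIXED="1.4-21.13.amzn1"                  # version-release under "New Packages"
CONF="${CONF:-/etc/cfn/cfn-hup.conf}"    # assumed location of cfn-hup.conf

# Succeed when version-release $1 is the same as or newer than $2.
# GNU sort -V approximates rpm's ordering for these numeric strings.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    newest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)
    [ "$newest" = "$1" ]
}

# Print the octal umask configured in file $1; print nothing if the key is absent.
conf_umask() {
    sed -n 's/^[[:space:]]*umask[[:space:]]*=[[:space:]]*\([0-7]\{1,4\}\)[[:space:]]*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Summarise one host: $1 = installed version-release, $2 = config path.
audit() {
    if ver_ge "$1" "$FIXED"; then state=PATCHED; else state=NEEDS_UPDATE; fi
    um=$(conf_umask "$2")
    echo "$state umask=${um:-unset}"
}

# On an rpm-based host, audit the installed package; otherwise do nothing.
if command -v rpm >/dev/null 2>&1 &&
   inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}' aws-cfn-bootstrap 2>/dev/null); then
    audit "$inst" "$CONF"
fi
```

A NEEDS_UPDATE result means the yum update from Issue Correction has not yet been applied on that host.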