Amazon Linux 1 Security Advisory: ALAS-2017-886
Advisory Release Date: 2017-08-31 17:03 Pacific
Advisory Updated Date: 2024-02-10 00:46 Pacific
2024-02-10: CVE-2017-9450 was added to this advisory.
2024-02-10: CVE-PENDING was removed from this advisory.
A new optional parameter, "umask", was introduced in the cfn-hup.conf file to configure the cfn-hup daemon's umask.
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. (CVE-2017-9450)
Affected Packages:
aws-cfn-bootstrap
Issue Correction:
Run yum update aws-cfn-bootstrap to update your system.
noarch:
aws-cfn-bootstrap-1.4-21.13.amzn1.noarch
src:
aws-cfn-bootstrap-1.4-21.13.amzn1.src