Amazon Linux AMI Security Advisory: ALAS-2017-895
Advisory Release Date: 2017-09-14 17:08 Pacific
Advisory Updated Date: 2017-09-14 22:32 Pacific
Severity: Important
References: CVE-PENDING 

Issue Overview:

The default umask value is set to 022 to address a privilege escalation security vulnerability.

Affected Packages:


Issue Correction:
  1. Run yum update aws-cfn-bootstrap to update your system.
  2. Update the AWS::CloudFormation::Init metadata section of your template, specifically the entries listed under the files key, to explicitly specify the mode field as documented at . We recommend setting the mode to explicitly disable permissions for non-owners. Alternatively, you can also choose to explicitly change the mode of the files listed in your template, by directly logging on to the instance.
  3. Restart the cfn-hup process: service cfn-hup restart

New Packages: