ALAS-2016-666

Amazon Linux 1 (EOL) Security Advisory: ALAS-2016-666
Advisory Released Date: 2016-03-10
Advisory Updated Date: 2016-03-10

Severity: Medium

References: CVE-2015-7529
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system.

Affected Packages:

sos

Issue Correction:
Run yum update sos to update your system.

New Packages:

noarch:
    sos-3.2-28.17.amzn1.noarch

src:
    sos-3.2-28.17.amzn1.src

Additional References

Red Hat: CVE-2015-7529

Mitre: CVE-2015-7529