Amazon Linux 1 (EOL) Security Advisory: ALAS-2016-763
Advisory Released Date: 2016-11-10
Advisory Updated Date: 2016-11-10
Severity:
Important
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
It was discovered that cloud-init in the Amazon Linux AMI wrote IAM role credentials from the instance metadata service to files readable by the root user in /var/lib/cloud. An application with root privileges, a container with access to the relevant files, or a root user of an AMI derived from a previously launched AMI could read and use the credentials. (IAM role credentials expire after 6 hours.)
Affected Packages:
cloud-init
Issue Correction:
Run yum update cloud-init to update your system. To delete the files which contain credentials, run rm /var/lib/cloud/instance/obj.pkl /var/lib/cloud/instances/*/obj.pkl.
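The cleanup step above as a reusable check, for instance before creating an AMI from a running instance. This is an added example, not part of the original advisory or of cloud-init; the function names are hypothetical, and the marker string assumes the IAM credential field name SecretAccessKey is stored as plain text in the pickle.

```shell
#!/bin/sh
# Added example: audit and clean cloud-init's cached obj.pkl files.
# Default root is the directory named in the advisory. The marker string is an
# assumption: the IAM credential field name stored as plain text in the pickle.
MARKER='SecretAccessKey'

# Print every distinct obj.pkl under ROOT (instance/ is normally a symlink
# into instances/<id>/, so resolve paths and de-duplicate).
list_obj_pkl() {
    root=${1:-/var/lib/cloud}
    for f in "$root"/instance/obj.pkl "$root"/instances/*/obj.pkl; do
        if [ -f "$f" ]; then readlink -f "$f"; fi
    done | sort -u
}

# Report each file as "CREDS <path>" or "clean <path>".
# Returns 1 if any file contains the marker, 0 otherwise.
audit_obj_pkl() {
    list_obj_pkl "${1:-/var/lib/cloud}" | (
        rc=0
        while IFS= read -r f; do
            if grep -aqF "$MARKER" "$f"; then
                echo "CREDS $f"; rc=1
            else
                echo "clean $f"
            fi
        done
        exit "$rc"
    )
}

# Delete the files, as the advisory instructs, regardless of marker match.
purge_obj_pkl() {
    list_obj_pkl "${1:-/var/lib/cloud}" | while IFS= read -r f; do
        rm -f -- "$f" && echo "removed $f"
    done
}

# Typical use as root, after "yum update cloud-init":
#   audit_obj_pkl; purge_obj_pkl; audit_obj_pkl
```

A file reported as "clean" should still be deleted: the marker check is a heuristic, and the advisory's instruction is to remove every obj.pkl.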
New Packages:
noarch:
cloud-init-0.7.6-2.13.amzn1.noarch
src:
cloud-init-0.7.6-2.13.amzn1.src