Amazon Linux 1 (EOL) Security Advisory: ALAS-2017-895
Advisory Released Date: 2017-09-14
Advisory Updated Date: 2017-09-14
Severity:
Important
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
The default umask value is set to 022 to address a privilege escalation security vulnerability.
Affected Packages:
aws-cfn-bootstrap
Issue Correction:
- Run yum update aws-cfn-bootstrap to update your system.
- Update the AWS::CloudFormation::Init metadata section of your template, specifically the entries listed under the files key, to explicitly specify the mode field as documented at http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html . We recommend setting the mode to explicitly disable permissions for non-owners. Alternatively, you can log on to the instance directly and explicitly change the mode of the files listed in your template.
- Restart the cfn-hup process: service cfn-hup restart
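One way to find the template entries the second step refers to, as an added example that is not part of the advisory or of aws-cfn-bootstrap: the script walks a JSON template and reports files entries whose mode is missing or leaves any group/other permission bit set. The sample template, the resource name WebServer, the file paths and the function name audit_files are constructed for illustration.

```python
# Constructed sample template, not taken from the advisory.
SAMPLE_TEMPLATE = {
    "Resources": {
        "WebServer": {
            "Type": "AWS::EC2::Instance",
            "Metadata": {
                "AWS::CloudFormation::Init": {
                    "configSets": {"default": ["config"]},
                    "config": {
                        "files": {
                            "/etc/cfn/cfn-hup.conf": {"content": "[main]\n", "mode": "000400"},
                            "/etc/app/db.conf": {"content": "password=example\n"},
                            "/etc/app/app.conf": {"content": "debug=0\n", "mode": "000644"},
                        }
                    },
                }
            },
        }
    }
}


def audit_files(template):
    """Return sorted (resource, path, problem) tuples for risky files entries."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        init = resource.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for key, config in init.items():
            if key == "configSets" or not isinstance(config, dict):
                continue  # configSets only lists config names, it holds no files
            for path, spec in config.get("files", {}).items():
                mode = spec.get("mode")
                if not isinstance(mode, str):
                    findings.append((name, path, "mode missing or not a literal string"))
                    continue
                try:
                    perms = int(mode[-3:], 8)  # last three octal digits are the permissions
                except ValueError:
                    findings.append((name, path, "unparseable mode %r" % mode))
                    continue
                if perms & 0o077:  # any group/other bit set
                    findings.append((name, path, "mode %s grants non-owner access" % mode))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_files(SAMPLE_TEMPLATE):
        print("%s %s: %s" % finding)
```

To audit a real template, load it with json.load and pass the resulting dict to audit_files; YAML templates need to be converted to JSON first.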
New Packages:
noarch:
aws-cfn-bootstrap-1.4-22.14.amzn1.noarch
src:
aws-cfn-bootstrap-1.4-22.14.amzn1.src