Amazon Linux AMI : yum-utils (ALAS-2018-1057)
High Nessus Plugin ID 111612
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionA directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files.(CVE-2018-10897)
SolutionRun 'yum update yum-utils' to update your system.