Amazon Linux 2 : yum-utils (ALAS-2018-1063)
High Nessus Plugin ID 112088
SynopsisThe remote Amazon Linux 2 host is missing a security update.
DescriptionA directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. (CVE-2018-10897)
SolutionRun 'yum update yum-utils' to update your system.