Amazon Linux AMI : openssh (ALAS-2016-770)
High Nessus Plugin ID 94976
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionIt was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root.
SolutionRun 'yum update openssh' to update your system.