Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2017-1000249: 1488053: file: Stack-based buffer overflow in do_bid_note(). An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
QID Detection Logic (Authenticated):
This QID checks whether the installed version of any of the following packages is lower than 5.22-3.26.al12: file, file-devel, file-static, file-debuginfo, file-libs, python-magic
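The check described above is an rpm-style version comparison. The following is an added example, not part of the original advisory or the scanner's own code, that applies it in Python to constructed `rpm` query output. The function names are hypothetical, and epochs and `~` pre-release markers are assumed absent and not handled.

```python
import re

# Threshold and package list are taken from the advisory text.
FIXED = "5.22-3.26.al12"
PACKAGES = {"file", "file-devel", "file-static", "file-debuginfo",
            "file-libs", "python-magic"}

def rpmvercmp(a, b):
    """Compare two version (or release) strings segment by segment, rpm-style."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # separators such as '.' are dropped
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats an alphabetic one
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def is_older(installed, fixed=FIXED):
    """True if the installed 'version-release' sorts before the fixed one."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) < 0

def flag_outdated(rpm_output):
    """Return (name, version-release) for each listed package below the threshold."""
    hits = []
    for line in rpm_output.splitlines():
        if not line.strip():
            continue
        name, vr = line.split()
        if name in PACKAGES and is_older(vr):
            hits.append((name, vr))
    return hits

# Constructed sample, in the shape printed by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
file 5.22-3.26.al12
file-libs 5.22-2.25.al12
python-magic 5.9-1.al12
file-devel 5.30-1.al12
bash 4.2.46-28.al12
"""

if __name__ == "__main__":
    for name, vr in flag_outdated(SAMPLE):
        print(f"{name} {vr} is older than {FIXED}")
```

The `python-magic 5.9` row is the case a plain string comparison gets wrong: as text "5.9" sorts after "5.22", while rpm compares 9 and 22 as integers.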
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Administrators are advised to apply the appropriate software updates.
Following are links for downloading patches to fix the vulnerabilities: