CVE Identifier: CVE-2021-3156
This is an update for this issue.
AWS is aware of the security issue recently disclosed by the open source community affecting the Linux "sudo" utility (CVE-2021-3156). This issue may permit unprivileged users to run privileged commands, or cause affected hosts to crash.
Updated versions of sudo are available in the Amazon Linux and Amazon Linux 2 package repositories. Customers with existing EC2 instances running Amazon Linux should run the following command within each EC2 instance running Amazon Linux to ensure they receive the updated package:
sudo yum update sudo
We have released new versions of the Amazon Linux and Amazon Linux 2 AMIs that automatically include the updated kernel. AMI IDs for images with the updated kernels can be found at Amazon Linux 2018.03 AMI IDs, Amazon Linux 2 AMI IDs, and in the AWS Systems Manager Parameter Store.
Customers not using Amazon Linux should contact their operating system vendor for any updates or instructions necessary to mitigate any potential concerns arising from these issues. More information is available at the Amazon Linux Security Center.
AL1: https://alas.aws.amazon.com/ALAS-2021-1478.html
AL2: https://alas.aws.amazon.com/AL2/ALAS-2021-1590.html
CVE Identifier: CVE-2021-3156
You are viewing a previous version of this security bulletin.
AWS is aware of the security issue recently disclosed by the open source community affecting the Linux "sudo" utility (CVE-2021-3156). This issue may permit unprivileged users to run privileged commands. The sudo maintainers have published more information about this issue at https://www.sudo.ws/alerts/unescape_overflow.html.
AWS infrastructure and services are not affected by this issue. As a general security best practice, we recommend that Amazon EC2 customers running Amazon Linux update their operating systems to install the latest version of sudo.
Updated versions of sudo are available in the Amazon Linux and Amazon Linux 2 package repositories. Customers with existing EC2 instances running Amazon Linux should run the following command within each EC2 instance running Amazon Linux to ensure they receive the updated package:
sudo yum update sudo
Customers not using Amazon Linux should contact their operating system vendor for any updates or instructions necessary to mitigate any potential concerns arising from these issues. More information is available at the Amazon Linux Security Center.
AL1: https://alas.aws.amazon.com/ALAS-2021-1478.html
AL2: https://alas.aws.amazon.com/AL2/ALAS-2021-1590.html