AWS-2021-001

CVE Identifier: CVE-2021-3156 This is an update for this issue. AWS is aware of the security issue recently disclosed by the open source community affecting the Linux "sudo" utility (CVE-2021-3156). This issue may permit unprivileged users to run privileged commands, or cause affected hosts to crash. Updated versions of sudo are available in the Amazon Linux and Amazon Linux 2 package repositories. Customers with existing EC2 instances running Amazon Linux should run the following command within each EC2 instance running Amazon Linux to ensure they receive the updated package: sudo yum update sudo We have released new versions of the Amazon Linux and Amazon Linux 2 AMIs that automatically include the updated kernel. AMI IDs for images with the updated kernels can be found at Amazon Linux 2018.03 AMI IDs , Amazon Linux 2 AMI IDs , and in the AWS Systems Manager Parameter Store . Customers not using Amazon Linux should contact their operating system vendor for any updates or instructions necessary to mitigate any potential concerns arising from these issues. More information is available at the Amazon Linux Security Center. AL1: https://alas.aws.amazon.com/ALAS-2021-1478.html AL2: ht…