keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.(CVE-2018-19044 __)
Run yum update keepalived to update your system.
aarch64: keepalived-1.3.5-16.amzn2.aarch64 keepalived-debuginfo-1.3.5-16.amzn2.aarch64 i686: keepalived-1.3.5-16.amzn2.i686 keepalived-debuginfo-1.3.5-16.amzn2.i686 src: keepalived-1.3.5-16.amzn2.src x86_64: keepalived-1.3.5-16.amzn2.x86_64 keepalived-debuginfo-1.3.5-16.amzn2.x86_64