exploitDog

ELSA-2023-6943

Published: 17 Nov 2023
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2023-6943: cloud-init security, bug fix, and enhancement update (MODERATE)

[23.1.1-10.0.1]

  • Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938]
  • Add IPv6 IMDS and dhcp6 support for Oracle Datasource [Orabug: 35470783]
  • Increase retry value and add timeout for OCI [Orabug: 35329883]
  • Fix log file permissions [Orabug: 35302985]
  • Update detection logic for OL distros in config template [Orabug: 34845400]
  • Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938]
  • Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672]
  • limit permissions [Orabug: 31352433]
  • Changes to ignore all enslaved interfaces [Orabug: 30092148]
  • Fix swap file size allocation logic to allocate maxsize [Orabug: 29952349]
  • Make Oracle datasource detect dracut based config files [Orabug: 29956753]
  • add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch:
    1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata
    2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader Resolves: Oracle-Bug:41660 (Bugzilla)
  • added OL to list of known distros

[23.1.1-10]

  • Resolves: bz#2233047 ([RHEL 8.9] Inform user when cloud-init generated config files are left during uninstalling)

[23.1.1-9]

  • ci-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch [bz#2229460]
  • Resolves: bz#2229460 ([rhel-8.9] [RFE] Configure 'ipv6.addr-gen-mode=eui64' as default in NetworkManager)

[23.1.1-8]

  • ci-DS-VMware-modify-a-few-log-level-4284.patch [bz#2223810]
  • Resolves: bz#2223810 ([cloud-init] [RHEL8.9]There are warning logs if dev has more than one IPV6 address on ESXi)

[23.1.1-7]

  • ci-logging-keep-current-file-mode-of-log-file-if-its-st.patch [bz#2222501]
  • Resolves: bz#2222501 (Don't change log permissions if they are already more restrictive [rhel-8])

[23.1.1-6]

  • ci-Revert-Manual-revert-Use-Network-Manager-and-Netplan.patch [bz#2219528]
  • ci-Revert-Revert-Add-native-NetworkManager-support-1224.patch [bz#2219528]
  • ci-nm-generate-ipv6-stateful-dhcp-config-at-par-with-sy.patch [bz#2219528]
  • ci-network_manager-add-a-method-for-ipv6-static-IP-conf.patch [bz#2219528]
  • ci-net-sysconfig-enable-sysconfig-renderer-if-network-m.patch [bz#2219528]
  • ci-network-manager-Set-higher-autoconnect-priority-for-.patch [bz#2219528]
  • ci-Set-default-renderer-as-sysconfig-for-centos-rhel-41.patch [bz#2219528]
  • Resolves: bz#2219528 ([RHEL8] Support configuring network by NM keyfiles)

[23.1.1-5]

  • ci-Add-warning-during-upgrade-from-an-old-version-with-.patch [bz#2210012]
  • Resolves: bz#2210012 ([cloud-init] System didn't generate ssh host keys and lost ssh connection after cloud-init removed them with updated cloud-init package.)

[23.1.1-3]

  • ci-Don-t-change-permissions-of-netrules-target-2076.patch [bz#2182947]
  • ci-Make-user-vendor-data-sensitive-and-remove-log-permi.patch [bz#2190081]
  • Resolves: bz#2182947 (Request to backport 'Don't change permissions of netrules target (#2076)')
  • Resolves: bz#2190081 (CVE-2023-1786 cloud-init: sensitive data could be exposed in logs [rhel-8])

[23.1.1-2]

  • ci-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch [bz#2182407]
  • Resolves: bz#2182407 (cloud-init strips new line from '/etc/hostname' when processing '/var/lib/cloud/data/previous-hostname')

[23.1.1-1]

  • limit-permissions-on-def_log_file.patch
  • Resolves bz#1424612
  • include-NOZEROCONF-yes-in-etc-sysconfig-network.patch
  • Resolves bz#1653131
  • Rebase to 23.1.1 [bz#2172821]
  • Resolves: bz#2172821

Updated packages

Oracle Linux 8

Oracle Linux aarch64

cloud-init

23.1.1-10.0.1.el8

Oracle Linux x86_64

cloud-init

23.1.1-10.0.1.el8

Related CVEs

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 2 years ago

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

CVSS3: 5.5
redhat
about 2 years ago

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

CVSS3: 5.5
nvd
about 2 years ago

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

CVSS3: 5.5
msrc
about 2 years ago

No description available

CVSS3: 5.5
debian
about 2 years ago

Sensitive data could be exposed in logs of cloud-init before version 2 ...