Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-10844

Опубликовано: 14 июл. 2025
Источник: oracle-oval
Платформа: Oracle Linux 10

Описание

ELSA-2025-10844: cloud-init security update (IMPORTANT)

[24.4-3.0.1.2]

  • NetworkManagerActivator brings up interface failed when using sysconfig renderer [RHEL-18981]
  • Include module cc_write_files_deferred in config template [Orabug: 36959464]
  • Fix Oracle Datasource network, getdata methods and increase retries [Orabug: 37065979]
  • Fix log file permission [Orabug: 35302969]
  • Update detection logic for OL distros in config template [Orabug: 34845400]
  • Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938]
  • Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938]
  • Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672]
  • limit permissions [Orabug: 31352433]
  • Changes to ignore all enslaved interfaces [Orabug: 30092148]
  • add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch:
    1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata
    2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader Resolves: Oracle-Bug:41660 (Bugzilla)
  • added OL to list of known distros

[24.4-3.2]

  • ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch [RHEL-100617]
  • ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch [RHEL-100617]
  • Resolves: RHEL-100617 (CVE-2024-6174 cloud-init: From CVEorg collector [rhel-10.1])

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

cloud-init

24.4-3.0.1.el10_0.2

Oracle Linux x86_64

cloud-init

24.4-3.0.1.el10_0.2

Связанные CVE

Связанные уязвимости

CVSS3: 8.8
ubuntu
около 2 месяцев назад

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

CVSS3: 8.8
redhat
около 2 месяцев назад

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

CVSS3: 8.8
nvd
около 2 месяцев назад

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

CVSS3: 8.8
msrc
около 1 месяца назад

Описание отсутствует

CVSS3: 8.8
debian
около 2 месяцев назад

When a non-x86 platform is detected, cloud-init grants root access to ...