Описание
ELSA-2025-10844: cloud-init security update (IMPORTANT)
[24.4-3.0.1.2]
- NetworkManagerActivator brings up interface failed when using sysconfig renderer [RHEL-18981]
- Include module cc_write_files_deferred in config template [Orabug: 36959464]
- Fix Oracle Datasource network, getdata methods and increase retries [Orabug: 37065979]
- Fix log file permission [Orabug: 35302969]
- Update detection logic for OL distros in config template [Orabug: 34845400]
- Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938]
- Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938]
- Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672]
- limit permissions [Orabug: 31352433]
- Changes to ignore all enslaved interfaces [Orabug: 30092148]
- add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch:
- Enable ec2_utils.py having a way to stop retrying to get ec2 metadata
- Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader Resolves: Oracle-Bug:41660 (Bugzilla)
- added OL to list of known distros
[24.4-3.2]
- ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch [RHEL-100617]
- ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch [RHEL-100617]
- Resolves: RHEL-100617 (CVE-2024-6174 cloud-init: From CVEorg collector [rhel-10.1])
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
cloud-init
24.4-3.0.1.el10_0.2
Oracle Linux x86_64
cloud-init
24.4-3.0.1.el10_0.2
Связанные CVE
Связанные уязвимости
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.
When a non-x86 platform is detected, cloud-init grants root access to ...