Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:3097-1

Опубликовано: 28 нояб. 2019
Источник: suse-cvrf

Описание

Security update for cloud-init

This update for cloud-init to version 19.2 fixes the following issues:

Security issue fixed:

  • CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorized_keys (bsc#1129124).

Non-security issues fixed:

  • Short circuit the conditional for identifying the sysconfig renderer (bsc#1154092, bsc#1142988).
  • If /etc/resolv.conf is a symlink, break it. This will avoid netconfig from clobbering the changes cloud-init applied (bsc#1151488).

Список пакетов

Image SLES15-Azure-BYOS
cloud-init-19.2-5.18.1
cloud-init-config-suse-19.2-5.18.1
Image SLES15-EC2-CHOST-HVM-BYOS
cloud-init-19.2-5.18.1
cloud-init-config-suse-19.2-5.18.1
Image SLES15-EC2-HVM-BYOS
cloud-init-19.2-5.18.1
cloud-init-config-suse-19.2-5.18.1
Image SLES15-OCI-BYOS
cloud-init-19.2-5.18.1
cloud-init-config-suse-19.2-5.18.1
Image SLES15-SAP-Azure
cloud-init-19.2-5.18.1
cloud-init-config-suse-19.2-5.18.1
Image SLES15-SAP-Azure-BYOS
cloud-init-19.2-5.18.1
cloud-init-config-suse-19.2-5.18.1
Image SLES15-SAP-EC2-HVM
cloud-init-19.2-5.18.1
cloud-init-config-suse-19.2-5.18.1
Image SLES15-SAP-EC2-HVM-BYOS
cloud-init-19.2-5.18.1
cloud-init-config-suse-19.2-5.18.1
Image SLES15-SAP-OCI-BYOS
cloud-init-19.2-5.18.1
cloud-init-config-suse-19.2-5.18.1
SUSE Linux Enterprise Module for Public Cloud 15
cloud-init-19.2-5.18.1
cloud-init-config-suse-19.2-5.18.1

Ссылки

Описание

A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.

Затронутые продукты
Image SLES15-Azure-BYOS:cloud-init-19.2-5.18.1
Image SLES15-Azure-BYOS:cloud-init-config-suse-19.2-5.18.1
Image SLES15-EC2-CHOST-HVM-BYOS:cloud-init-19.2-5.18.1
Image SLES15-EC2-CHOST-HVM-BYOS:cloud-init-config-suse-19.2-5.18.1
Ссылки