Описание
Security update for cloud-init
This update for cloud-init to version 19.2 fixes the following issues:
Security issue fixed:
- CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorized_keys (bsc#1129124).
Non-security issues fixed:
- Short circuit the conditional for identifying the sysconfig renderer (bsc#1154092, bsc#1142988).
- If /etc/resolv.conf is a symlink, break it. This will avoid netconfig from clobbering the changes cloud-init applied (bsc#1151488).
Список пакетов
SUSE Linux Enterprise Module for Public Cloud 15
cloud-init-19.2-5.18.1
cloud-init-config-suse-19.2-5.18.1
Ссылки
- Link for SUSE-SU-2019:3097-1
- E-Mail link for SUSE-SU-2019:3097-1
- SUSE Security Ratings
- SUSE Bug 1099358
- SUSE Bug 1129124
- SUSE Bug 1136440
- SUSE Bug 1142988
- SUSE Bug 1144363
- SUSE Bug 1151488
- SUSE Bug 1154092
- SUSE CVE CVE-2019-0816 page
Описание
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.
Затронутые продукты
SUSE Linux Enterprise Module for Public Cloud 15:cloud-init-19.2-5.18.1
SUSE Linux Enterprise Module for Public Cloud 15:cloud-init-config-suse-19.2-5.18.1
Ссылки
- CVE-2019-0816
- SUSE Bug 1129124