Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:0818-1

Опубликовано: 31 мар. 2020
Источник: suse-cvrf

Описание

Security update for cloud-init

This update for cloud-init fixes the following security issues:

  • CVE-2020-8631: Replaced the theoretically predictable deterministic random number generator with the system RNG (bsc#1162937).
  • CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936).

Список пакетов

Image SLES12-SP5-Azure-BYOS
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-Azure-Basic-On-Demand
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-Azure-HPC-BYOS
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-Azure-HPC-On-Demand
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-Azure-SAP-BYOS
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-Azure-SAP-On-Demand
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-Azure-Standard-On-Demand
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-EC2-BYOS
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-EC2-ECS-On-Demand
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-EC2-On-Demand
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-EC2-SAP-BYOS
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-EC2-SAP-On-Demand
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-OCI-BYOS-BYOS
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1
SUSE Linux Enterprise Module for Public Cloud 12
cloud-init-19.4-37.39.1
cloud-init-config-suse-19.4-37.39.1

Ссылки

Описание

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.

Затронутые продукты
Image SLES12-SP5-Azure-BYOS:cloud-init-19.4-37.39.1
Image SLES12-SP5-Azure-BYOS:cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-Azure-Basic-On-Demand:cloud-init-19.4-37.39.1
Image SLES12-SP5-Azure-Basic-On-Demand:cloud-init-config-suse-19.4-37.39.1
Ссылки

Описание

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

Затронутые продукты
Image SLES12-SP5-Azure-BYOS:cloud-init-19.4-37.39.1
Image SLES12-SP5-Azure-BYOS:cloud-init-config-suse-19.4-37.39.1
Image SLES12-SP5-Azure-Basic-On-Demand:cloud-init-19.4-37.39.1
Image SLES12-SP5-Azure-Basic-On-Demand:cloud-init-config-suse-19.4-37.39.1
Ссылки