Description
Security update for cloud-init
This update for cloud-init contains the following fixes:
- CVE-2021-3429: Do not write the generated password to the log file. (bsc#1184758)
- CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277)
Other fixes:
- Change log file creation mode to 640. (bsc#1183939)
- Write proper bonding option configuration for SLE/openSUSE. (bsc#1184085)
- Do not include the sudoers.d directory twice. (bsc#1181283)
Package list
Image SLES12-SP5-Azure-BYOS
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-Azure-Basic-On-Demand
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-Azure-HPC-BYOS
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-Azure-HPC-On-Demand
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-Azure-SAP-BYOS
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-Azure-SAP-On-Demand
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-Azure-Standard-On-Demand
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-EC2-BYOS
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-EC2-ECS-On-Demand
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-EC2-On-Demand
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-EC2-SAP-BYOS
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-EC2-SAP-On-Demand
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
SUSE Linux Enterprise Module for Public Cloud 12
cloud-init-20.2-37.57.1
cloud-init-config-suse-20.2-37.57.1
References
- Link for SUSE-SU-2023:2164-1
- E-Mail link for SUSE-SU-2023:2164-1
- SUSE Security Ratings
- SUSE Bug 1181283
- SUSE Bug 1183939
- SUSE Bug 1184085
- SUSE Bug 1184758
- SUSE Bug 1210277
- SUSE CVE CVE-2021-3429 page
- SUSE CVE CVE-2023-1786 page
Description
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.
Affected products
Image SLES12-SP5-Azure-BYOS:cloud-init-20.2-37.57.1
Image SLES12-SP5-Azure-BYOS:cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-Azure-Basic-On-Demand:cloud-init-20.2-37.57.1
Image SLES12-SP5-Azure-Basic-On-Demand:cloud-init-config-suse-20.2-37.57.1
References
- CVE-2021-3429
- SUSE Bug 1184758
Description
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
Affected products
Image SLES12-SP5-Azure-BYOS:cloud-init-20.2-37.57.1
Image SLES12-SP5-Azure-BYOS:cloud-init-config-suse-20.2-37.57.1
Image SLES12-SP5-Azure-Basic-On-Demand:cloud-init-20.2-37.57.1
Image SLES12-SP5-Azure-Basic-On-Demand:cloud-init-config-suse-20.2-37.57.1
References
- CVE-2023-1786
- SUSE Bug 1210277