Описание
Security update for cloud-init
This update for cloud-init to version 19.2 fixes the following issues:
Security issue fixed:
- CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorized_keys (bsc#1129124).
Non-security issues fixed:
- Short circuit the conditional for identifying the sysconfig renderer (bsc#1154092, bsc#1142988).
- If /etc/resolv.conf is a symlink, break it. This will avoid netconfig from clobbering the changes cloud-init applied (bsc#1151488).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Список пакетов
openSUSE Leap 15.1
cloud-init-19.2-lp151.2.9.1
cloud-init-config-suse-19.2-lp151.2.9.1
cloud-init-doc-19.2-lp151.2.9.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2633-1
- SUSE Security Ratings
- SUSE Bug 1099358
- SUSE Bug 1129124
- SUSE Bug 1136440
- SUSE Bug 1142988
- SUSE Bug 1144363
- SUSE Bug 1151488
- SUSE Bug 1154092
- SUSE CVE CVE-2019-0816 page
Описание
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.
Затронутые продукты
openSUSE Leap 15.1:cloud-init-19.2-lp151.2.9.1
openSUSE Leap 15.1:cloud-init-config-suse-19.2-lp151.2.9.1
openSUSE Leap 15.1:cloud-init-doc-19.2-lp151.2.9.1
Ссылки
- CVE-2019-0816
- SUSE Bug 1129124