[USN-6042-2] Cloud-init regression

Marc Deslauriers marc.deslauriers at canonical.com
Tue May 23 14:52:05 UTC 2023

Ubuntu Security Notice USN-6042-2
May 23, 2023

cloud-init regression

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS


USN-6042-1 introduced a regression in Cloud-init.

Software Description:
- cloud-init: initialization and customization tool for cloud instances


USN-6042-1 fixed a vulnerability in Cloud-init. The update introduced a
regression on Ubuntu 20.04 LTS resulting in a possible loss of networking.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

  James Golovich discovered that sensitive data could be exposed in logs. An
  attacker could use this information to find hashed passwords and possibly
  escalate their privilege.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   cloud-init                      23.1.2-0ubuntu0~20.04.2

In general, a standard system update will make all the necessary changes.


Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20230523/df8b46e0/attachment.sig>

More information about the ubuntu-security-announce mailing list