[USN-6042-2] Cloud-init regression
Marc Deslauriers
marc.deslauriers at canonical.com
Tue May 23 14:52:05 UTC 2023
==========================================================================
Ubuntu Security Notice USN-6042-2
May 23, 2023
cloud-init regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
USN-6042-1 introduced a regression in Cloud-init.
Software Description:
- cloud-init: initialization and customization tool for cloud instances
Details:
USN-6042-1 fixed a vulnerability in Cloud-init. The update introduced a
regression on Ubuntu 20.04 LTS resulting in a possible loss of networking.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
James Golovich discovered that sensitive data could be exposed in logs. An
attacker could use this information to find hashed passwords and possibly
escalate their privilege.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
cloud-init 23.1.2-0ubuntu0~20.04.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6042-2
https://ubuntu.com/security/notices/USN-6042-1
https://launchpad.net/bugs/2020375
Package Information:
https://launchpad.net/ubuntu/+source/cloud-init/23.1.2-0ubuntu0~20.04.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20230523/df8b46e0/attachment.sig>
More information about the ubuntu-security-announce
mailing list