SUSE: 2024:0128-1 moderate: cloud-init
Summary
##
This update for cloud-init contains the following fixes:
* Move fdupes call back to %install.(bsc#1214169)
* Update to version 23.3. (bsc#1216011)
* (bsc#1215794)
* (bsc#1215740)
* (bsc#1216007)
* Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390)
* Fix cc_keyboard in mantic (LP: #2030788)
* ec2: initialize get_instance_userdata return value to bytes (#4387) [Noah
Meyerhans]
* cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley]
* Fix pip-managed ansible
* status: treat SubState=running and MainPID=0 as service exited
* azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson]
* collect-logs fix memory usage (SC-1590) (#4289) [Alec Warren] (LP: #1980150)
* cc_mounts: Use fallocate to create swapfile on btrfs (#4369)
* Undocument nocloud-net (#4318)
* feat(akamai): add akamai to settings.py and apport.py (#4370)
* read-version: fallback to get_version when git describe fails (#4366)
* apt: fix cloud-init status --wait blocking on systemd v 253 (#4364)
* integration tests: Pass username to pycloudlib (#4324)
* Bump pycloudlib to 1!5.1.0 (#4353)
* cloud.cfg.tmpl: reorganise, minimise/reduce duplication (#4272)
[dermotbradley]
* analyze: fix (unexpected) timestamp parsing (#4347) [Mina GaliÄ]
* cc_growpart: fix tests to run on FreeBSD (#4351) [Mina GaliÄ]
* subp: Fix spurious test failure on FreeBSD (#4355) [Mina GaliÄ]
* cmd/clean: fix tests on non-Linux platforms (#4352) [Mina GaliÄ]
* util: Fix get_proc_ppid() on non-Linux systems (#4348) [Mina GaliÄ]
* cc_wireguard: make tests pass on FreeBSD (#4346) [Mina GaliÄ]
* unittests: fix breakage in test_read_cfg_paths_fetches_cached_datasource
(#4328) [Ani Sinha]
* Fix test_tools.py collection (#4315)
* cc_keyboard: add Alpine support (#4278) [dermotbradley]
* Flake8 fixes (#4340) [Robert Schweikert]
* cc_mounts: Fix swapfile not working on btrfs (#4319) [çç
饼] (LP: #1884127)
* ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen (#4281) [Wei
Zhou]
* ec2: Support double encoded userdata (#4275) [Noah Meyerhans]
* cc_mounts: xfs is a Linux only FS (#4334) [Mina GaliÄ]
* tests/net: fix TestGetInterfaces' mock coverage for get_master (#4336)
[Chris Patterson]
* change openEuler to openeuler and fix some bugs in openEuler (#4317)
[sxt1001]
* Replace flake8 with ruff (#4314)
* NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64
(#4291) [Ani Sinha]
* cc_ssh_import_id: add Alpine support and add doas support (#4277)
[dermotbradley]
* sudoers not idempotent (SC-1589) (#4296) [Alec Warren] (LP: #1998539)
* Added support for Akamai Connected Cloud (formerly Linode) (#4167) [Will
Smith]
* Fix reference before assignment (#4292)
* Overhaul module reference page (#4237) [Sally]
* replaced spaces with commas for setting passenv (#4269) [Alec Warren]
* DS VMware: modify a few log level (#4284) [PengpengSun]
* tools/read-version refactors and unit tests (#4268)
* Ensure get_features() grabs all features (#4285)
* Don't always require passlib dependency (#4274)
* tests: avoid leaks into host system checking of ovs-vsctl cmd (#4275)
* Fix NoCloud kernel commandline key parsing (#4273)
* testing: Clear all LRU caches after each test (#4249)
* Remove the crypt dependency (#2139) [Gonéri Le Bouder]
* logging: keep current file mode of log file if its stricter than the new
mode (#4250) [Ani Sinha]
* Remove default membership in redundant groups (#4258) [Dave Jones] (LP:
#1923363)
* doc: improve datasource_creation.rst (#4262)
* Remove duplicate Integration testing button (#4261) [Rishita Shaw]
* tools/read-version: fix the tool so that it can handle version parsing
errors (#4234) [Ani Sinha]
* net/dhcp: add udhcpc support (#4190) [Jean-François Roche]
* DS VMware: add i386 arch dir to deployPkg plugin search path [PengpengSun]
* LXD moved from linuxcontainers.org to Canonical [Simon Deziel]
* cc_mounts.py: Add note about issue with creating mounts inside mounts
(#4232) [dermotbradley]
* lxd: install lxd from snap, not deb if absent in image
* landscape: use landscape-config to write configuration
* Add deprecation log during init of DataSourceDigitalOcean (#4194) [tyb-
truth]
* doc: fix typo on apt.primary.arches (#4238) [Dan Bungert]
* Inspect systemd state for cloud-init status (#4230)
* instance-data: add system-info and features to combined-cloud-config (#4224)
* systemd: Block login until config stage completes (#2111) (LP: #2013403)
* tests: proposed should invoke apt-get install -t=
References
* bsc#1198269
* bsc#1201010
* bsc#1214169
* bsc#1215740
* bsc#1215794
* bsc#1216007
* bsc#1216011
Cross-
* CVE-2023-1786
CVSS scores:
* CVE-2023-1786 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-1786 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Public Cloud Module 15-SP2
* Public Cloud Module 15-SP1
* Public Cloud Module 15-SP3
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.0
* SUSE Manager Proxy 4.1
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.0
* SUSE Manager Server 4.1
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that solves one vulnerability and has six security fixes can now be
installed.
##
* https://www.suse.com/security/cve/CVE-2023-1786.html
* https://bugzilla.suse.com/show_bug.cgi?id=1198269
* https://bugzilla.suse.com/show_bug.cgi?id=1201010
* https://bugzilla.suse.com/show_bug.cgi?id=1214169
* https://bugzilla.suse.com/show_bug.cgi?id=1215740
* https://bugzilla.suse.com/show_bug.cgi?id=1215794
* https://bugzilla.suse.com/show_bug.cgi?id=1216007
* https://bugzilla.suse.com/show_bug.cgi?id=1216011