Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE Leap 15.4-5: 2024:128 critical: cloud-init security patch

suse
Calendar Grey January 17, 2024
Dist Suse Esm H88
SUSE releases a critical update for cloud-init, rectifying significant vulnerabilities and improving the overall efficiency of the system.
* bsc#1198269 * bsc#1201010 * bsc#1214169 * bsc#1215740 * bsc#1215794

Summary

## This update for cloud-init contains the following fixes: * Move fdupes call back to %install.(bsc#1214169) * Update to version 23.3. (bsc#1216011) * (bsc#1215794) * (bsc#1215740) * (bsc#1216007) * Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390) * Fix cc_keyboard in mantic (LP: #2030788) * ec2: initialize get_instance_userdata return value to bytes (#4387) [Noah Meyerhans] * cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley] * Fix pip-managed ansible * status: treat SubState=running and MainPID=0 as service exited * azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson] * collect-logs fix memory usage (SC-1590) (#4289) [Alec Warren] (LP: #1980150) * cc_mounts: Use fallocate to create swapfile on btrfs (#4369) * Undocument nocloud-net (#4318)

Topics%20covered

Topics Covered

security advisory security patch system stability SUSE cloud-init dependency removal

References

* bsc#1198269

* bsc#1201010

* bsc#1214169

* bsc#1215740

* bsc#1215794

* bsc#1216007

* bsc#1216011

Cross-

* CVE-2023-1786

CVSS scores:

* CVE-2023-1786 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-1786 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4

* openSUSE Leap 15.5

* Public Cloud Module 15-SP2

* Public Cloud Module 15-SP1

* Public Cloud Module 15-SP3

* Public Cloud Module 15-SP4

* Public Cloud Module 15-SP5

* SUSE Linux Enterprise High Performance Computing 15 SP1

* SUSE Linux Enterprise High Performance Computing 15 SP2

* SUSE Linux Enterprise High Performance Computing 15 SP3

* SUSE Linux Enterprise High Performance Computing 15 SP4

* SUSE Linux Enterprise High Performance Computing 15 SP5

* SUSE Linux Enterprise Server 15 SP1

Announcement ID: SUSE-SU-2024:0128-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory security patch system stability SUSE cloud-init dependency removal

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here