Explore top 10 tips to secure your open-source projects now. Read More
×
cloud-init could write sensitive information to logs.
Software Description:
- cloud-init: initialization and customization tool for cloud instances
Details:
James Glovich discovered that sensitive data could be exposed in logs. An
attacker could use this information to find hashed passwords and possibly
escalate their privilege.
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: cloud-init 23.1.2-0ubuntu0~23.04.1 Ubuntu 22.10: cloud-init 23.1.2-0ubuntu0~22.10.1 Ubuntu 22.04 LTS: cloud-init 23.1.2-0ubuntu0~22.04.1 Ubuntu 20.04 LTS: cloud-init 23.1.2-0ubuntu0~20.04.1 Ubuntu 18.04 LTS: cloud-init 23.1.2-0ubuntu0~18.04.1 Ubuntu 16.04 ESM: cloud-init 21.1-19-gbad84ad4-0ubuntu1~16.04.4 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6042-1
CVE-2023-1786, https://bugs.launchpad.net/cloud-init/+bug/2013967
Get the latest Linux and open source security news straight to your inbox.