========================================================================== Ubuntu Security Notice USN-6042-1 April 26, 2023 cloud-init vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: cloud-init could write sensitive information to logs. Software Description: - cloud-init: initialization and customization tool for cloud instances Details: James Glovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: cloud-init 23.1.2-0ubuntu0~23.04.1 Ubuntu 22.10: cloud-init 23.1.2-0ubuntu0~22.10.1 Ubuntu 22.04 LTS: cloud-init 23.1.2-0ubuntu0~22.04.1 Ubuntu 20.04 LTS: cloud-init 23.1.2-0ubuntu0~20.04.1 Ubuntu 18.04 LTS: cloud-init 23.1.2-0ubuntu0~18.04.1 Ubuntu 16.04 ESM: cloud-init 21.1-19-gbad84ad4-0ubuntu1~16.04.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6042-1 CVE-2023-1786, https://bugs.launchpad.net/cloud-init/+bug/2013967 Package Information: https://launchpad.net/ubuntu/+source/cloud-init/23.1.2-0ubuntu0~23.04.1 https://launchpad.net/ubuntu/+source/cloud-init/23.1.2-0ubuntu0~22.10.1 https://launchpad.net/ubuntu/+source/cloud-init/23.1.2-0ubuntu0~22.04.1 https://launchpad.net/ubuntu/+source/cloud-init/23.1.2-0ubuntu0~20.04.1 https://launchpad.net/ubuntu/+source/cloud-init/23.1.2-0ubuntu0~18.04.1
Ubuntu 6042-1: Cloud-init vulnerability
April 26, 2023
cloud-init could write sensitive information to logs.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: cloud-init could write sensitive information to logs. Software Description: - cloud-init: initialization and customization tool for cloud instances Details: James Glovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: cloud-init 23.1.2-0ubuntu0~23.04.1 Ubuntu 22.10: cloud-init 23.1.2-0ubuntu0~22.10.1 Ubuntu 22.04 LTS: cloud-init 23.1.2-0ubuntu0~22.04.1 Ubuntu 20.04 LTS: cloud-init 23.1.2-0ubuntu0~20.04.1 Ubuntu 18.04 LTS: cloud-init 23.1.2-0ubuntu0~18.04.1 Ubuntu 16.04 ESM: cloud-init 21.1-19-gbad84ad4-0ubuntu1~16.04.4 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6042-1
CVE-2023-1786, https://bugs.launchpad.net/cloud-init/+bug/2013967
Severity
Ubuntu Security Notice USN-6042-1
Package Information
https://launchpad.net/ubuntu/+source/cloud-init/23.1.2-0ubuntu0~23.04.1 https://launchpad.net/ubuntu/+source/cloud-init/23.1.2-0ubuntu0~22.10.1 https://launchpad.net/ubuntu/+source/cloud-init/23.1.2-0ubuntu0~22.04.1 https://launchpad.net/ubuntu/+source/cloud-init/23.1.2-0ubuntu0~20.04.1 https://launchpad.net/ubuntu/+source/cloud-init/23.1.2-0ubuntu0~18.04.1
News
HOWTOs
About Us
Powered By
