UbuntuUpdates.org

Package "cloud-init"

Name: cloud-init

Description:

initialization and customization tool for cloud instances
Latest version: 23.1.2-0ubuntu0~23.04.1
Release: lunar (23.04)
Level: security
Repository: main
Homepage: https://cloud-init.io/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "cloud-init"

All arch deb package
APT INSTALL

Other versions of "cloud-init" in Lunar

Repository Area Version
base main 23.1.1-0ubuntu2
updates main 23.3.3-0ubuntu0~23.04.1

Changelog

Version: 23.1.2-0ubuntu0~23.04.1 2023-04-26 01:07:02 UTC

  cloud-init (23.1.2-0ubuntu0~23.04.1) lunar; urgency=medium

  * d/changelog: updating 23.1.1-0ubuntu2 changelog entry deleting
    mention of a snapshot that was not performed
  * SECURITY UPDATE: Make user/vendor data sensitive and remove log permissions
    Because user data and vendor data may contain sensitive information,
    this commit ensures that any user data or vendor data written to
    instance-data.json gets redacted and is only available to root user.

    Also, modify the permissions of cloud-init.log to be 640, so that
    sensitive data leaked to the log isn't world readable.
    Additionally, remove the logging of user data and vendor data to
    cloud-init.log from the Vultr datasource.

    This is based on upstream release of 23.1.2 [(LP: #2013967)]

    - d/cloud-init.postinst: postinst fixes for LP: #2013967
      Redact sensitive keys from world-readable instance-data.json on upgrade.
      Set perms 640 for /var/log/cloud-init.log on pkg upgrade.
      Redact sensitive Vultr messages from /var/log/cloud-init.log
    - (CVE-2023-1786)

 -- James Falcon <email address hidden> Mon, 24 Apr 2023 15:45:43 -0500
CVE-2023-1786 RESERVED


About   -   Send Feedback to @ubuntu_updates