26 matches found
MiracleLinux 8 : cloud-init-19.4-11.el8 (AXSA:2021-1222:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1222:01 advisory. cloud-init: Use of random.choice when generating random password CVE-2020-8631 cloud-init: Too short random password length in ccsetpassword in...
K33846344: Cloud-init vulnerabilities CVE-2020-8631 and CVE-2020-8632
Security Advisory Description CVE-2020-8631 cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function. CVE-2020-8632 In cloud-init through 19.4,...
Mageia: Security Advisory (MGASA-2020-0295)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:0751-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: cloud-init
Issue Overview: A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the...
NewStart CGSL MAIN 6.02 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0062)
The remote NewStart CGSL host, running version MAIN 6.02, has cloud-init packages installed that are affected by multiple vulnerabilities: - In cloud-init through 19.4, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for attackers to...
Medium: cloud-init
Issue Overview: The default cloud-init configuration included "sshdeletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one...
CVE-2020-8632 affecting package cloud-init 19.1-6
CVE-2020-8632 affecting package cloud-init 19.1-6. A patched version of the package is available...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-2333)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : cloud-init (EulerOS-SA-2020-2333)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In cloud-init through 19.4, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for...
Scientific Linux Security Update : cloud-init on SL7.x x86_64 (20201001)
Security Fixes : - cloud-init: Use of random.choice when generating random password CVE-2020-8631 - cloud-init: Too short random password length in ccsetpassword in config/ccsetpasswords.py CVE-2020-8632 - cloud-init: default configuration disabled deletion of SSH host keys CVE-2018-10896 C Tenab...
cloud security update
CentOS Errata and Security Advisory CESA-2020:3898 An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...
Moderate: Red Hat Security Advisory: cloud-init security, bug fix, and enhancement update
An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 7 : cloud-init (RHSA-2020:3898)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3898 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization...
Updated cloud-init packages fix security vulnerability
In cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function CVE-2020-8631. In cloud-init, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default...
openSUSE Security Update : cloud-init (openSUSE-2020-400)
This update for cloud-init fixes the following security issues : - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG bsc1162937. - CVE-2020-8632: Increased the default random password length from 9 to 20 bsc1162936. This update was imported from the...
openSUSE: Security Advisory for cloud-init (openSUSE-SU-2020:0400-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for cloud-init (moderate)
openSUSE Security Update: Security update for cloud-init Announcement ID: openSUSE-SU-2020:0400-1 Rating: moderate References: 1162936 1162937 1163178 Cross-References: CVE-2020-8631 CVE-2020-8632 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one errata i...
SUSE SLED15 / SLES15 Security Update : cloud-init (SUSE-SU-2020:0751-1)
This update for cloud-init fixes the following security issues : CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG bsc1162937. CVE-2020-8632: Increased the default random password length from 9 to 20 bsc1162936. Note that Tenable Network Security has...
EulerOS 2.0 SP5 : cloud-init (EulerOS-SA-2020-1304)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In cloud-init through 19.4, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for...