17 matches found
AlmaLinux 9 : cloud-init (ALSA-2025:10848)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:10848 advisory. cloud-init: Cloud init permissions flaw CVE-2024-6174 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note th...
RHSA-2025:11339 Red Hat Security Advisory: cloud-init security update
Bulletin has no description...
RHSA-2025:11337 Red Hat Security Advisory: cloud-init security update
Bulletin has no description...
Important: Red Hat Security Advisory: cloud-init security update
An update for cloud-init is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Telecommunications Update Service, and Red Hat Enterprise Linux 8.8 Extended Update Support EXTENSION. Red Hat Product Security has rated this update as havin...
Important: cloud-init security update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: Cloud init permissions flaw CVE-2024-6174 For more...
Azure Linux 3.0 Security Update: cloud-init (CVE-2024-6174)
The version of cloud-init installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6174 advisory. - When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP...
Important: Red Hat Security Advisory: cloud-init security update
An update for cloud-init is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Important: cloud-init security update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: Cloud init permissions flaw CVE-2024-6174 For more...
ALSA-2025:10848 Important: cloud-init security update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: Cloud init permissions flaw CVE-2024-6174 For more...
CVE-2024-11584
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...
CVE-2024-11584
CVE-2024-11584 affects cloud-init up to 25.1.2 where the systemd socket unit cloud-init-hotplugd.socket uses 0666 permissions, making the /run/cloud-init/hook-hotplug-cmd FIFO world-writable. This enables an unprivileged user to trigger hotplug-hook commands. The connected Nessus advisories confi...
SUSE-SU-2023:2628-1 Security update for cloud-init
This update for cloud-init fixes the following issues: - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. bsc1210277 - CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. bsc1210652 - Update to version 23.1 + Support transactional-updates...
MGASA-2021-0494 Updated cloud-init packages fix security vulnerability
cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1....
MGASA-2020-0295 Updated cloud-init packages fix security vulnerability
In cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function CVE-2020-8631. In cloud-init, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default...
SUSE-SU-2020:0818-1 Security update for cloud-init
This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic random number generator with the system RNG bsc1162937. - CVE-2020-8632: Increased the default random password length from 9 to 20 bsc1162936...
SUSE-SU-2020:0585-1 Security update for cloud-init
This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG bsc1162937. - CVE-2020-8632: Increased the default random password length from 9 to 20 bsc1162936...
DLA-2113-1 cloud-init - security update
Bulletin has no description...