Debian: Security Advisory (DLA-2601-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : cloud-init (ALAS-2021-1620)

The version of cloud-init installed on the remote host is prior to 19.3-43. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1620 advisory. A vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as part of the chpasswd...

NewStart CGSL MAIN 6.02 : cloud-init Vulnerability (NS-SA-2021-0051)

The remote NewStart CGSL host, running version MAIN 6.02, has cloud-init packages installed that are affected by a vulnerability: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some environment...

NewStart CGSL CORE 5.04 / MAIN 5.04 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0016)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cloud-init packages installed that are affected by multiple vulnerabilities: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys...

NewStart CGSL CORE 5.04 / MAIN 5.04 : cloud-init Vulnerability (NS-SA-2021-0011)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cloud-init packages installed that are affected by a vulnerability: - A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure S...

NewStart CGSL MAIN 6.02 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0062)

The remote NewStart CGSL host, running version MAIN 6.02, has cloud-init packages installed that are affected by multiple vulnerabilities: - In cloud-init through 19.4, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for attackers to...

Medium: cloud-init

Issue Overview: A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'. CVE-2019-0816 Affected Packages: cloud-init Note: This advisory is applicabl...

Amazon Linux 2 : cloud-init (ALAS-2021-1595)

The version of cloud-init installed on the remote host is prior to 19.3-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1595 advisory. A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use...

cloud-init bug fix and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: Azure Update existing user password RHEL8x BZ1916839...

CentOS 8 : cloud-init (CESA-2020:4650)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:4650 advisory. - cloud-init: Use of random.choice when generating random password CVE-2020-8631 - cloud-init: Too short random password length in ccsetpassword in...

CentOS 8 : cloud-init (CESA-2020:3050)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2020:3050 advisory. - cloud-init: default configuration disabled deletion of SSH host keys CVE-2018-10896 Note that Nessus has not tested for this issue but has instead relied only...

FreeBSD : cloud-init -- Wrong access permissions of authorized keys (8899298f-5a92-11eb-8558-3085a9a47796)

cloud-init reports : cloud-init release 20.4.1 is now available. This is a hotfix release, that contains a single patch to address a security issue in cloud-init 20.4. Briefly, for users who provide more than one unique SSH key to cloud-init and have a shared AuthorizedKeysFile configured in...

cloud-init -- Wrong access permissions of authorized keys

cloud-init reports: cloud-init release 20.4.1 is now available. This is a hotfix release, that contains a single patch to address a security issue in cloud-init 20.4. Briefly, for users who provide more than one unique SSH key to cloud-init and have a shared AuthorizedKeysFile configured in...

Medium: cloud-init

Issue Overview: The default cloud-init configuration included "sshdeletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one...

Amazon Linux 2 : cloud-init (ALAS-2021-1576)

The version of cloud-init installed on the remote host is prior to 19.3-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1576 advisory. The default cloud-init configuration included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys. In som...

CVE-2020-8632 affecting package cloud-init 19.1-6

CVE-2020-8632 affecting package cloud-init 19.1-6. A patched version of the package is available...

CVE-2020-8631 affecting package cloud-init 19.1-6

CVE-2020-8631 affecting package cloud-init 19.1-6. A patched version of the package is available...

Oracle Linux 8 : cloud-init (ELSA-2020-4650)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4650 advisory. - Resolves: bz1812171 CVE-2020-8632 cloud-init: Too short random password length in ccsetpassword in config/ccsetpasswords.py rhel-8 - Resolves:...

cloud-init security, bug fix, and enhancement update

19.4-11.0.1 - Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 Orabug: 30435672 - Update OCI Datasource to support IMDSv2 - limit permissions Orabug: 31352433 - Changes to ignore all enslaved interfaces Orabug: 30092148 - Fix swap file size allocation logic to allocate...

cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py

A flaw was found in cloud-init, where it uses short passwords when generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user...