
622 matches found

RedHat Linux
added 2020/11/04 1:22 a.m. | 2 views

cloud-init: Use of random.choice when generating random password

A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the...

CVSS 5.5 | AI score 6.3 | EPSS 0.00438
Exploits 0 | References 4
RedHat Linux
added 2020/11/04 1:22 a.m. | 210 views

Moderate: Red Hat Security Advisory: cloud-init security, bug fix, and enhancement update

An update for cloud-init is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 5.5 | AI score 6.3 | EPSS 0.00438
Exploits 0 | References 16
Tenable Nessus
added 2020/11/04 12:0 a.m. | 32 views

RHEL 8 : cloud-init (RHSA-2020:4650)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4650 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization...

CVSS 5.5 | AI score 6.2 | EPSS 0.00438
Exploits 0 | References 20
OpenVAS
added 2020/11/04 12:0 a.m. | 15 views

Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-2408)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.1 | AI score 7 | EPSS 0.00354
Exploits 0 | References 2
OpenVAS
added 2020/11/04 12:0 a.m. | 20 views

Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-2426)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.1 | AI score 7 | EPSS 0.00354
Exploits 0 | References 2
OpenVAS
added 2020/11/04 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-2333)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.5 | AI score 5.5 | EPSS 0.00438
Exploits 0 | References 2
Tenable Nessus
added 2020/11/03 12:0 a.m. | 33 views

EulerOS 2.0 SP9 : cloud-init (EulerOS-SA-2020-2408)

According to the version of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerability: The default cloud-init configuration, in cloud-init 0.6.2 and newer, included 'ssh_deletekeys: 0', disabling cloud-init's deletion of ssh host...

CVSS 7.1 | AI score 5.7 | EPSS 0.00354
Exploits 0 | References 2
Tenable Nessus
added 2020/11/03 12:0 a.m. | 30 views

EulerOS 2.0 SP2 : cloud-init (EulerOS-SA-2020-2333)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for...

CVSS 5.5 | AI score 6 | EPSS 0.00438
Exploits 0 | References 3
Tenable Nessus
added 2020/11/03 12:0 a.m. | 35 views

EulerOS 2.0 SP9 : cloud-init (EulerOS-SA-2020-2426)

According to the version of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerability: The default cloud-init configuration, in cloud-init 0.6.2 and newer, included 'ssh_deletekeys: 0', disabling cloud-init's deletion of ssh host...

CVSS 7.1 | AI score 5.7 | EPSS 0.00354
Exploits 0 | References 2
Tenable Nessus
added 2020/10/21 12:0 a.m. | 26 views

Scientific Linux Security Update : cloud-init on SL7.x x86_64 (20201001)

Security Fixes: cloud-init: Use of random.choice when generating random password (CVE-2020-8631); cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632); cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896) C Tenab...

CVSS 7.1 | AI score 5.5 | EPSS 0.00438
Exploits 0 | References 4
Cent OS
added 2020/10/20 5:49 p.m. | 918 views

cloud security update

CentOS Errata and Security Advisory CESA-2020:3898. An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...

CVSS 7.1 | AI score 6.1 | EPSS 0.00438
Exploits 0 | References 7
Tenable Nessus
added 2020/10/20 12:0 a.m. | 53 views

CentOS 7 : cloud-init (RHSA-2020:3898)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3898 advisory: The default cloud-init configuration, in cloud-init 0.6.2 and newer, included 'ssh_deletekeys: 0', disabling cloud-init's deletion of ssh host keys. In...

CVSS 7.1 | AI score 5.8 | EPSS 0.00438
Exploits 0 | References 4
Veracode
added 2020/10/01 3:52 a.m. | 21 views

Information Disclosure

cloud-init is vulnerable to information disclosure. The vulnerability exists as cc_set_password in config/cc_set_passwords.py accepts a password with weak length...

CVSS 5.5 | AI score 1.4 | EPSS 0.00368
Exploits 0 | References 7 | Affected Software 4
Veracode
added 2020/10/01 3:52 a.m. | 24 views

Predictable Password

cloud-init uses a predictable password. It uses random.choice when generating a random password...

CVSS 5.5 | AI score 1.6 | EPSS 0.00438
Exploits 0 | References 7 | Affected Software 2
RedHat Linux
added 2020/09/29 8:37 p.m. | 4 views

cloud-init: default configuration disabled deletion of SSH host keys

The default cloud-init configuration included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct...

CVSS 7.1 | AI score 6.7 | EPSS 0.00354
Exploits 0 | References 4
RedHat Linux
added 2020/09/29 8:37 p.m. | 2 views

cloud-init: Use of random.choice when generating random password

A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the...

CVSS 5.5 | AI score 6.3 | EPSS 0.00438
Exploits 0 | References 4
RedHat Linux
added 2020/09/29 8:37 p.m. | 2 views

cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py

A flaw was found in cloud-init, where it uses short passwords when generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user...

CVSS 5.5 | AI score 6.3 | EPSS 0.00368
Exploits 0 | References 4
Tenable Nessus
added 2020/09/29 12:0 a.m. | 43 views

RHEL 7 : cloud-init (RHSA-2020:3898)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3898 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization...

CVSS 7.1 | AI score 5.9 | EPSS 0.00438
Exploits 0 | References 17
Tenable Nessus
added 2020/09/29 12:0 a.m. | 24 views

EulerOS Virtualization for ARM 64 3.0.6.0 : cloud-init (EulerOS-SA-2020-2041)

According to the version of the cloud-init package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: The default cloud-init configuration, in cloud-init 0.6.2 and newer, included 'ssh_deletekeys: 0', disabling cloud-init...

CVSS 7.1 | AI score 5.6 | EPSS 0.00354
Exploits 0 | References 2
OpenVAS
added 2020/09/29 12:0 a.m. | 19 views

Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-2041)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.1 | AI score 7 | EPSS 0.00354
Exploits 0 | References 2