Overview

File _patchinfo of Package patchinfo.20070

<patchinfo incident="20070">
  <issue tracker="bnc" id="1210277">VUL-0: CVE-2023-1786: cloud-init: security vulnerability</issue>
  <issue tracker="bnc" id="1181283">cloudinit is including sudoers.d files twice</issue>
  <issue tracker="bnc" id="1184758">VUL-0: CVE-2021-3429: cloud-init: randomly generated passwords logged in clear-text to world-readable file</issue>
  <issue tracker="bnc" id="1183939">cloud-init using 644 mode for log files</issue>
  <issue tracker="bnc" id="1184085">SLES issues with bonding &amp; cloud-init</issue>
  <issue tracker="cve" id="2023-1786"/>
  <issue tracker="cve" id="2021-3429"/>
  <packager>rjschwei</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for cloud-init</summary>
  <description>This update for cloud-init contains following fixes:

 - CVE-2021-3429: Do not write the generated password to the log file. (bsc#1184758)
 - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277)

Other fixes:
 - Change log file creation mode to 640. (bsc#1183939)
 - Write proper bonding option configuration for SLE/openSUSE. (bsc#1184085)
 - Do not including sudoers.d directory twice. (bsc#1181283)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places