cloud-init 23.1.2-0ubuntu0~22.04.1 source package in Ubuntu
Changelog
cloud-init (23.1.2-0ubuntu0~22.04.1) jammy; urgency=medium
* SECURITY UPDATE: Make user/vendor data sensitive and remove log permissions
Because user data and vendor data may contain sensitive information,
this commit ensures that any user data or vendor data written to
instance-data.json gets redacted and is only available to root user.
Also, modify the permissions of cloud-init.log to be 640, so that
sensitive data leaked to the log isn't world readable.
Additionally, remove the logging of user data and vendor data to
cloud-init.log from the Vultr datasource.
This is based on upstream snapshot of 23.1.2 [(LP: #2013967)]
- d/cloud-init.postinst: postinst fixes for LP: #2013967
Redact sensitive keys from world-readable instance-data.json on upgrade.
Set perms 640 for /var/log/cloud-init.log on pkg upgrade.
Redact sensitive Vultr messages from /var/log/cloud-init.log
- (CVE-2023-1786)
-- James Falcon <email address hidden> Thu, 20 Apr 2023 20:37:40 -0500
Upload details
- Uploaded by:
- James Falcon
- Sponsored by:
- Chad Smith
- Uploaded to:
- Jammy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Jammy | security | main | admin |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| cloud-init_23.1.2.orig.tar.gz | 1.5 MiB | 4c3a2499d9953902a550e2134cceb5a9afd2324009404f6d52bb82d3e96dec3f |
| cloud-init_23.1.2-0ubuntu0~22.04.1.debian.tar.xz | 87.3 KiB | 5e82b46d975661f3f73cb3ba00fe2023ff05797b9178d67122b655548e454d73 |
| cloud-init_23.1.2-0ubuntu0~22.04.1.dsc | 2.2 KiB | d1efd7d312faac55b2c69ff268eb977f07663d6617e7dbf0a607bf4e0330d65e |
Available diffs
Binary packages built by this source
- cloud-init: initialization and customization tool for cloud instances
Cloud-init is the industry standard multi-distribution method for
cross-platform cloud instance initialization. It is supported across all major
public cloud providers, provisioning systems for private cloud infrastructure,
and bare-metal installations.
.
Cloud instances are initialized from a disk image and instance data:
.
* Cloud metadata
* User data (optional)
* Vendor data (optional)
.
Cloud-init will identify the cloud it is running on during boot, read any
provided metadata from the cloud and initialize the system accordingly. This
may involve setting up the network and storage devices to configuring SSH
access key and many other aspects of a system. Later on the cloud-init will
also parse and process any optional user or vendor data that was passed to
the instance.
