oval:org.secpod.oval:def:67989
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fix: * cloud-init: Use of random.choice when generating random password * ...

oval:org.secpod.oval:def:504736
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fix: * cloud-init: Use of random.choice when generating random password * ...

oval:org.secpod.oval:def:1601426
A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim ...

oval:org.secpod.oval:def:504325
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. The following packages have been upgraded to a later upstream version: cloud-init . ...

oval:org.secpod.oval:def:1504453
[19.4-11.0.1] - Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672] - Update OCI Datasource to support IMDSv2 - limit permissions [Orabug: 31352433] - Changes to ignore all enslaved interfaces [Orabug: 30092148] - Fix swap file size allocation logic to allocat ...

oval:org.secpod.oval:def:1503995
[19.4-7.0.3] - Add conditional restart of NetworkManager for cloud-final. [Orabug: 31965645] - Correct postinstall upgrade cloud-init.service mismerge order. [19.4-7.0.1] - Add Oracle Linux variant to known distros - Add cloud-init hotplug event handling support [Orabug: 30485135] - Oracle data sour ...

oval:org.secpod.oval:def:1700540
The default cloud-init configuration included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct m ...

oval:org.secpod.oval:def:205627
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. The following packages have been upgraded to a later upstream version: cloud-init . ...

oval:org.secpod.oval:def:2004226
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.