cloud-init-19.4-1.el8.7
Errata ID: AXSA:2020-635:05
Release date:
Thursday, October 8, 2020 - 05:08
Subject:
cloud-init-19.4-1.el8.7
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Low
Description:
instances need special scripts to run during initialization to retrieve and
install SSH keys, and to let the user run various scripts.
The following packages have been upgraded to a later upstream version:
cloud-init (19.4).
Security Fix(es):
cloud-init: default configuration disabled deletion of SSH host keys
(CVE-2018-10896)
The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.
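The following audit sketch is an added example, not part of this advisory or of cloud-init. It resolves the effective `ssh_deletekeys` value across config files and flags hosts that present the same SSH host key. Assumptions: the file paths, host names and key blobs are constructed samples, the parser is a simplified line-based one, and an unset key is treated as true.

```python
import base64
import hashlib
import re
from collections import defaultdict

TRUE = {"1", "true", "yes", "on"}  # simplified: any other value counts as false
KEY_RE = re.compile(r"^ssh_deletekeys[ \t]*:[ \t]*([^#\s]+)", re.MULTILINE)

def effective_ssh_deletekeys(configs):
    """configs: (path, text) pairs in read order; the last setting wins.
    Returns (value, path); (True, None) if unset (assumed default)."""
    value, source = True, None
    for path, text in configs:
        for m in KEY_RE.finditer(text):
            value = m.group(1).strip("'\"").lower() in TRUE
            source = path
    return value, source

def shared_host_keys(keyscan_output):
    """Group 'host keytype base64key' lines by key fingerprint and return
    {fingerprint: sorted hosts} for every key presented by more than one host."""
    hosts = defaultdict(set)
    for line in keyscan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # skip comments and malformed lines
        host, _ktype, b64 = parts[:3]
        digest = hashlib.sha256(base64.b64decode(b64)).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        hosts[fp].add(host)
    return {fp: sorted(h) for fp, h in hosts.items() if len(h) > 1}

# Constructed sample data: placeholder key blobs and host names, not real ones.
KEY_A = base64.b64encode(b"constructed-template-key").decode()
KEY_B = base64.b64encode(b"constructed-unique-key").decode()
SAMPLE_SCAN = f"""# constructed ssh-keyscan style output
clone-1 ssh-ed25519 {KEY_A}
clone-2 ssh-ed25519 {KEY_A}
fresh-1 ssh-ed25519 {KEY_B}
"""
SAMPLE_CONFIGS = [  # assumed locations, main file first, then drop-ins
    ("/etc/cloud/cloud.cfg", "users:\n - default\nssh_deletekeys: 0\n"),
    ("/etc/cloud/cloud.cfg.d/99-local.cfg", "ssh_deletekeys: true  # override\n"),
]

if __name__ == "__main__":
    print(effective_ssh_deletekeys(SAMPLE_CONFIGS))
    print(shared_host_keys(SAMPLE_SCAN))
```
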
Solution:
Update packages.
CVEs:
CVE-2018-10896
Additional Info:
N/A
Download:
SRPMS
- cloud-init-19.4-1.el8.7.src.rpm
MD5: 42953f0d67a6710c36fb86c8334f99e4
SHA-256: fffd5d3f098c09ee5f5255a9c99d0f0ca2d84aff215ee2667bb99a8164e334e0
Size: 1.09 MB
Asianux Server 8 for x86_64
- cloud-init-19.4-1.el8.7.noarch.rpm
MD5: 8749aa861d4d6ad2a0268d30edeb2932
SHA-256: 3a90e189cf4afc145f5988ca0f14c9f61456bdc3faae436e749e1f0a1354a2ac
Size: 928.98 kB