cloud-init-19.4-11.el8

Errata ID: AXSA:2021-1222:01

Release date: Saturday, January 16, 2021 - 08:03
Subject: cloud-init-19.4-11.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.

Security Fix(es):

* cloud-init: Use of random.choice when generating random password (CVE-2020-8631)

* cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.3 Release Notes linked from the References section.

CVE-2020-8631
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
CVE-2020-8632
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
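
The two weaknesses described above, shown as an added example that is not cloud-init's own code: a random.choice-based generator beside a CSPRNG-based one, plus the entropy bound that ties password length to guessing cost. The function names, the alphabet and the lengths are assumptions made for illustration.

```python
import math
import random
import secrets
import string

# Assumed alphabet for this example, not cloud-init's actual character set.
ALPHABET = string.ascii_letters + string.digits


def weak_rand_str(strlen, select_from=ALPHABET):
    """Pattern named in CVE-2020-8631: random.choice draws from the
    module-level Mersenne Twister, which is not a CSPRNG."""
    return "".join(random.choice(select_from) for _ in range(strlen))


def strong_rand_str(strlen, select_from=ALPHABET):
    """Hardened form: secrets.choice draws from the operating system CSPRNG."""
    return "".join(secrets.choice(select_from) for _ in range(strlen))


def entropy_bits(strlen, select_from=ALPHABET):
    """Upper bound on entropy for uniform, independent characters."""
    return strlen * math.log2(len(set(select_from)))


def min_length_for(bits, select_from=ALPHABET):
    """Shortest length whose entropy bound reaches `bits` (CVE-2020-8632)."""
    return math.ceil(bits / math.log2(len(set(select_from))))


def replayable(seed, strlen=16):
    """True if restoring the generator state reproduces the same password."""
    random.seed(seed)
    first = weak_rand_str(strlen)
    random.seed(seed)
    return first == weak_rand_str(strlen)


if __name__ == "__main__":
    print("Mersenne Twister output reproducible from state:", replayable(1234))
    for n in (8, 12, 20):  # constructed lengths, not cloud-init's defaults
        print(n, "chars ->", round(entropy_bits(n), 1), "bits")
    print("length needed for 100 bits:", min_length_for(100))
    print("sample:", strong_rand_str(min_length_for(100)))
```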

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. cloud-init-19.4-11.el8.src.rpm
    MD5: 4a034ace516726d953acd362e0fea4cd
    SHA-256: 970ee7460cdbb4cc505fca32cb1e371222383fa6641752e439925309713252e3
    Size: 1.10 MB

Asianux Server 8 for x86_64
  1. cloud-init-19.4-11.el8.noarch.rpm
    MD5: f682a9e93ca18da9d4d4e968332209e5
    SHA-256: ecbb2e207c8f6479d73095c00c16325efbc667e541064640ff3858c07372ac45
    Size: 933.42 kB