moderate: cloud-init security update
moderate
An update for cloud-init is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
cloud-init:
Security Fix(es):
cloud-init: A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The highest threat from this vulnerability is to data confidentiality and it may allow a local attacker to log in as another user.(CVE-2021-3429)
cloud-init: A vulnerability was found in cloud-init. With this flaw, sensitive data could be exposed in world-readable cloud-init logs when schema failures are reported. This issue leak could include hashed passwords.(CVE-2022-2084)
cloud-init: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.