CVE-2019-0816

A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.

References

Affected packages

Debian:11 / cloud-init

Package

Name: cloud-init
Purl: pkg:deb/debian/cloud-init?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.3-6

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / cloud-init

Package

Name: cloud-init
Purl: pkg:deb/debian/cloud-init?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.3-6

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / cloud-init

Package

Name: cloud-init
Purl: pkg:deb/debian/cloud-init?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.3-6

Ecosystem specific

{
    "urgency": "low"
}