MGASA-2020-0295

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2020-0295.html
Import Source
https://advisories.mageia.org/MGASA-2020-0295.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2020-0295
Related
Published
2020-07-31T23:25:42Z
Modified
2020-07-31T22:39:39Z
Summary
Updated cloud-init packages fix security vulnerability
Details

In cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function (CVE-2020-8631).

In cloud-init, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for attackers to guess passwords (CVE-2020-8632).

References
Credits

Affected packages

Mageia:7 / cloud-init

Package

Name
cloud-init
Purl
pkg:rpm/mageia/cloud-init?arch=source&distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.5-7.1.mga7

Ecosystem specific 

{
    "section": "core"
}