SUSE-SU-2023:2628-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20232628-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:2628-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:2628-1
Published
2023-06-23T19:44:04Z
Modified
2023-06-23T19:44:04Z
Summary
Security update for cloud-init
Details

This update for cloud-init fixes the following issues:

  • CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277)
  • CVE-2022-2084: Fixed a bug where logging of schema failures could include password hashes. (bsc#1210652)

  • Update to version 23.1

    • Support transactional-updates for SUSE based distros
    • Set ownership for new folders in Write Files Module
    • add OpenCloudOS and TencentOS support
    • lxd: Retry if the server isn't ready
    • test: switch pycloudlib source to pypi
    • test: Fix integration test deprecation message
    • Recognize opensuse-microos, dev tooling fixes
    • sources/azure: refactor imds handler into own module
    • docs: deprecation generation support
    • add function is_virtual to distro/FreeBSD
    • cc_ssh: support multiple hostcertificates
    • Fix minor schema validation regression and fixup typing
    • doc: Reword user data debug section
    • cli: schema also validate vendordata*.
    • ci: sort and add checks for cla signers file
    • Add 'ederst' as contributor
    • readme: add reference to packages dir
    • docs: update downstream package list
    • docs: add google search verification
    • docs: fix 404 render use default notfound_urls_prefix in RTD conf
    • Fix OpenStack datasource detection on bare metal
    • docs: add themed RTD 404 page and pointer to readthedocs-hosted
    • schema: fix gpt labels, use type string for GUID
    • cc_disk_setup: code cleanup
    • netplan: keep custom strict perms when 50-cloud-init.yaml exists
    • cloud-id: better handling of change in datasource files
    • Warn on empty network key
    • Fix Vultr cloud_interfaces usage
    • cc_puppet: Update puppet service name
    • docs: Clarify networking docs
    • lint: remove httpretty
    • cc_set_passwords: Prevent traceback when restarting ssh
    • tests: fix lp1912844
    • tests: Skip ansible test on bionic
    • Wait for NetworkManager
    • docs: minor polishing
    • CI: migrate integration-test to GH actions
    • Fix permission of SSH host keys
    • Fix default route rendering on v2 ipv6
    • doc: fix path in net_convert command
    • docs: update net_convert docs
    • doc: fix dead link
    • cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
    • distros/rhel.py: _read_hostname() missing strip on 'hostname'
    • integration tests: add IBM VPC support
    • machine-id: set to uninitialized to trigger regeneration on clones
    • sources/azure: retry on connection error when fetching metadata
    • Ensure ssh state accurately obtained
    • bddeb: drop dh-systemd dependency on newer deb-based releases
    • doc: fix config formats link in cloudsigma.rst
    • Fix wrong subp syntax in cc_set_passwords.py
    • docs: update the PR template link to readthedocs
    • ci: switch unittests to gh actions
    • Add mount_default_fields for PhotonOS.
    • sources/azure: minor refactor for metadata source detection logic
    • add 'CalvoM' as contributor
    • ci: doc to gh actions
    • lxd: handle 404 from missing devices route for LXD 4.0
    • docs: Diataxis overhaul
    • vultr: Fix issue regarding cache and region codes
    • cc_set_passwords: Move ssh status checking later
    • Improve Wireguard module idempotency
    • network/netplan: add gateways as on-link when necessary
    • tests: test_lxd assert features.networks.zones when present
    • Use btrfs enqueue when available (#1926) [Robert Schweikert]
    • sources/azure: fix device driver matching for net config (#1914)
    • BSD: fix duplicate macs in Ifconfig parser
    • pycloudlib: add lunar support for integration tests
    • nocloud: add support for dmi variable expansion for seedfrom URL
    • tools: read-version drop extra call to git describe --long
    • doc: improve cc_write_files doc
    • read-version: When insufficient tags, use cloudinit.version.get_version
    • mounts: document weird prefix in schema
    • Ensure network ready before cloud-init service runs on RHEL
    • docs: add copy button to code blocks
    • netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag
    • azure: fix support for systems without az command installed
    • Fix the distro.osfamily output problem in the openEuler system.
    • pycloudlib: bump commit dropping azure api smoke test
    • net: netplan config root read-only as wifi config can contain creds
    • autoinstall: clarify docs for users
    • sources/azure: encode health report as utf-8
    • Add back gateway4/6 deprecation to docs
    • networkd: Add support for multiple [Route] sections
    • doc: add qemu tutorial
    • lint: fix tip-flake8 and tip-mypy
    • Add support for setting uid when creating users on FreeBSD
    • Fix exception in BSD networking code-path
    • Append derivatives to is_rhel list in cloud.cfg.tmpl
    • FreeBSD init: use cloudinit_enable as only rcvar
    • feat: add support aliyun metadata security harden mode
    • docs: uprate analyze to performance page
    • test: fix lxd preseed managed network config
    • Add support for static IPv6 addresses for FreeBSD
    • Make 3.12 failures not fail the build
    • Docs: adding relative links
    • Fix setup.py to align with PEP 440 versioning replacing trailing
    • Add 'nkukard' as contributor
    • doc: add how to render new module doc
    • doc: improve module creation explanation
    • Add Support for IPv6 metadata to OpenStack
    • add xiaoge1001 to .github-cla-signers
    • network: Deprecate gateway{4,6} keys in network config v2
    • VMware: Move Guest Customization transport from OVF to VMware
    • doc: home page links added
    • net: skip duplicate mac check for netvsc nic and its VF

This update for python-responses fixes the following issues:

  • update to 0.21.0:
    • Add threading.Lock() to allow responses to work with the threading module.
    • Add urllib3 Retry mechanism. See #135
    • Removed internal _cookies_from_headers function
    • Now add, upsert, replace methods return registered response. remove method returns list of removed responses.
    • Added null value support in urlencoded_params_matcher via allow_blank keyword argument
    • Added strict version of decorator. Now you can apply @responses.activate(assert_all_requests_are_fired=True) to your function to validate that all requests were executed in the wrapped function. See #183

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 15 SP1 / cloud-init

Package

Name
cloud-init
Purl
pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.1-150100.8.63.5

Ecosystem specific

{
    "binaries": [
        {
            "cloud-init": "23.1-150100.8.63.5",
            "cloud-init-config-suse": "23.1-150100.8.63.5"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP2 / cloud-init

Package

Name
cloud-init
Purl
pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.1-150100.8.63.5

Ecosystem specific

{
    "binaries": [
        {
            "cloud-init": "23.1-150100.8.63.5",
            "cloud-init-config-suse": "23.1-150100.8.63.5"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP3 / cloud-init

Package

Name
cloud-init
Purl
pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.1-150100.8.63.5

Ecosystem specific

{
    "binaries": [
        {
            "cloud-init": "23.1-150100.8.63.5",
            "cloud-init-config-suse": "23.1-150100.8.63.5"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP4 / cloud-init

Package

Name
cloud-init
Purl
pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.1-150100.8.63.5

Ecosystem specific

{
    "binaries": [
        {
            "cloud-init": "23.1-150100.8.63.5",
            "cloud-init-config-suse": "23.1-150100.8.63.5"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP5 / cloud-init

Package

Name
cloud-init
Purl
pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.1-150100.8.63.5

Ecosystem specific

{
    "binaries": [
        {
            "cloud-init": "23.1-150100.8.63.5",
            "cloud-init-config-suse": "23.1-150100.8.63.5"
        }
    ]
}

openSUSE:Leap 15.4 / cloud-init

Package

Name
cloud-init
Purl
pkg:rpm/opensuse/cloud-init&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.1-150100.8.63.5

Ecosystem specific

{
    "binaries": [
        {
            "cloud-init": "23.1-150100.8.63.5",
            "cloud-init-config-suse": "23.1-150100.8.63.5",
            "cloud-init-doc": "23.1-150100.8.63.5"
        }
    ]
}

openSUSE:Leap 15.5 / cloud-init

Package

Name
cloud-init
Purl
pkg:rpm/opensuse/cloud-init&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.1-150100.8.63.5

Ecosystem specific

{
    "binaries": [
        {
            "cloud-init": "23.1-150100.8.63.5",
            "cloud-init-config-suse": "23.1-150100.8.63.5",
            "cloud-init-doc": "23.1-150100.8.63.5"
        }
    ]
}