SUSE-SU-2025:20656-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-202520656-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20656-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:20656-1
Upstream
Related
Published
2025-09-05T12:57:05Z
Modified
2026-03-23T04:50:54.144690Z
Summary
Security update for cloud-init
Details

This update for cloud-init fixes the following issues:

Update to version 25.1.3:

  • CVE-2024-6174: Unpriveleged user could trigger hotplug-hook commands (bsc#1245403).

None security fixes:

  • Rebase cloud-init to 24.4 or higher (bsc#1239715, jsc#PED-8680).
  • Fixed cloud-init --debug status (bsc#1228414).
  • Using ssh_pwauth: True in cloud-init breaks ssh for root (bsc#1237764).
  • Fixed FileNotFoundError (bsc#1236720).
  • Fixed python 3.13 support (bsc#1233649).
References

Affected packages

SUSE:Linux Micro 6.0 / cloud-init

Package

Name
cloud-init
Purl
pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
25.1.3-1.1

Ecosystem specific 

{
    "binaries": [
        {
            "cloud-init-config-suse": "25.1.3-1.1",
            "cloud-init": "25.1.3-1.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20656-1.json"