USN-6042-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-6042-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6042-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6042-1

Related

CVE-2023-1786

Published

2023-04-26T17:59:50.940380Z

Modified

2023-04-26T17:59:50.940380Z

Summary

cloud-init vulnerability

Details

James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

References

Affected packages

Ubuntu:Pro:16.04:LTS / cloud-init

Package

Name: cloud-init
Purl: pkg:deb/ubuntu/cloud-init@21.1-19-gbad84ad4-0ubuntu1~16.04.4?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

21.1-19-gbad84ad4-0ubuntu1~16.04.4

Affected versions

0.*

0.7.7~bzr1149-0ubuntu1

0.7.7~bzr1154-0ubuntu1

0.7.7~bzr1155-0ubuntu1

0.7.7~bzr1156-0ubuntu1

0.7.7~bzr1156-0ubuntu2

0.7.7~bzr1160-0ubuntu1

0.7.7~bzr1176-0ubuntu1

0.7.7~bzr1182-0ubuntu1

0.7.7~bzr1189-0ubuntu1

0.7.7~bzr1192-0ubuntu1

0.7.7~bzr1192-0ubuntu2

0.7.7~bzr1200-0ubuntu1

0.7.7~bzr1208-0ubuntu1

0.7.7~bzr1209-0ubuntu1

0.7.7~bzr1212-0ubuntu1

0.7.7~bzr1246-0ubuntu1~16.04.1

0.7.7~bzr1256-0ubuntu1~16.04.1

0.7.8-1-g3705bb5-0ubuntu1~16.04.1

0.7.8-1-g3705bb5-0ubuntu1~16.04.3

0.7.8-49-g9e904bb-0ubuntu1~16.04.1

0.7.8-49-g9e904bb-0ubuntu1~16.04.2

0.7.8-49-g9e904bb-0ubuntu1~16.04.3

0.7.8-49-g9e904bb-0ubuntu1~16.04.4

0.7.9-0ubuntu1~16.04.2

0.7.9-48-g1c795b9-0ubuntu1~16.04.1

0.7.9-90-g61eb03fe-0ubuntu1~16.04.1

0.7.9-113-g513e99e0-0ubuntu1~16.04.1

0.7.9-153-g16a7302f-0ubuntu1~16.04.1

0.7.9-153-g16a7302f-0ubuntu1~16.04.2

0.7.9-233-ge586fe35-0ubuntu1~16.04.1

0.7.9-233-ge586fe35-0ubuntu1~16.04.2

17.*

17.1-27-geb292c18-0ubuntu1~16.04.1

17.1-46-g7acc9e68-0ubuntu1~16.04.1

17.2-35-gf576b2a2-0ubuntu1~16.04.2

18.*

18.2-4-g05926e48-0ubuntu1~16.04.1

18.2-4-g05926e48-0ubuntu1~16.04.2

18.3-9-g2e62cb8a-0ubuntu1~16.04.2

18.4-0ubuntu1~16.04.2

18.5-21-g8ee294d5-0ubuntu1~16.04.1

18.5-45-g3554ffe8-0ubuntu1~16.04.1

19.*

19.1-1-gbaa47854-0ubuntu1~16.04.1

19.2-24-ge7881d5c-0ubuntu1~16.04.1

19.2-36-g059d049c-0ubuntu1~16.04.1

19.2-36-g059d049c-0ubuntu2~16.04.1

19.3-41-gc4735dd3-0ubuntu1~16.04.1

19.4-33-gbb4131a2-0ubuntu1~16.04.1

20.*

20.2-45-g5f7825e2-0ubuntu1~16.04.1

20.3-2-g371b392c-0ubuntu1~16.04.1

20.4-0ubuntu1~16.04.1

20.4-0ubuntu1~16.04.2

20.4.1-0ubuntu1~16.04.1

21.*

21.1-19-gbad84ad4-0ubuntu1~16.04.1

21.1-19-gbad84ad4-0ubuntu1~16.04.2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "ec2-init": "21.1-19-gbad84ad4-0ubuntu1~16.04.4",
            "cloud-init": "21.1-19-gbad84ad4-0ubuntu1~16.04.4",
            "grub-legacy-ec2": "21.1-19-gbad84ad4-0ubuntu1~16.04.4"
        }
    ]
}

Ubuntu:18.04:LTS / cloud-init

Package

Name: cloud-init
Purl: pkg:deb/ubuntu/cloud-init@23.1.2-0ubuntu0~18.04.1?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

23.1.2-0ubuntu0~18.04.1

Affected versions

17.*

17.1-18-gd4f70470-0ubuntu1

17.1-25-g17a15f9e-0ubuntu1~17.10.1

17.1-25-g17a15f9e-0ubuntu1

17.1-27-geb292c18-0ubuntu1

17.1-41-g76243487-0ubuntu1

17.1-46-g7acc9e68-0ubuntu1

17.1-51-g05b2308a-0ubuntu1

17.1-53-ga5dc0f42-0ubuntu1

17.1-58-g703241a3-0ubuntu1

17.1-60-ga30a3bb5-0ubuntu1

17.2-1-g4089e20c-0ubuntu1

17.2-9-gdf24daa8-0ubuntu1

17.2-13-g6299e8d0-0ubuntu1

17.2-20-g32a6a176-0ubuntu1

17.2-25-gc03bdd3d-0ubuntu1

17.2-30-gf7deaf15-0ubuntu1

17.2-34-g644048e3-0ubuntu1

18.*

18.1-0ubuntu1

18.1-5-g40e77380-0ubuntu1

18.1-17-g97012fbb-0ubuntu1

18.1-23-gde34dc7c-0ubuntu1

18.1-26-g685f9901-0ubuntu1

18.1-35-ge0f644b7-0ubuntu1

18.1-35-ge0f644b7-0ubuntu2

18.2-0ubuntu1

18.2-4-g05926e48-0ubuntu1

18.2-4-g05926e48-0ubuntu2

18.2-9-g49b562c9-0ubuntu1

18.2-14-g6d48d265-0ubuntu1

18.2-27-g6ef92c98-0ubuntu1~18.04.1

18.3-9-g2e62cb8a-0ubuntu1~18.04.2

18.4-0ubuntu1~18.04.1

18.5-21-g8ee294d5-0ubuntu1~18.04.1

18.5-45-g3554ffe8-0ubuntu1~18.04.1

19.*

19.1-1-gbaa47854-0ubuntu1~18.04.1

19.2-24-ge7881d5c-0ubuntu1~18.04.1

19.2-36-g059d049c-0ubuntu1~18.04.1

19.2-36-g059d049c-0ubuntu2~18.04.1

19.3-41-gc4735dd3-0ubuntu1~18.04.1

19.4-33-gbb4131a2-0ubuntu1~18.04.1

20.*

20.2-45-g5f7825e2-0ubuntu1~18.04.1

20.3-2-g371b392c-0ubuntu1~18.04.1

20.4-0ubuntu1~18.04.1

20.4-0ubuntu1~18.04.2

20.4.1-0ubuntu1~18.04.1

21.*

21.1-19-gbad84ad4-0ubuntu1~18.04.1

21.1-19-gbad84ad4-0ubuntu1~18.04.2

21.2-3-g899bfaa9-0ubuntu2~18.04.1

21.3-1-g6803368d-0ubuntu1~18.04.3

21.3-1-g6803368d-0ubuntu1~18.04.4

21.4-0ubuntu1~18.04.1

22.*

22.1-14-g2e17a0d6-0ubuntu1~18.04.2

22.1-14-g2e17a0d6-0ubuntu1~18.04.3

22.2-0ubuntu1~18.04.1

22.2-0ubuntu1~18.04.2

22.2-0ubuntu1~18.04.3

22.3.4-0ubuntu1~18.04.1

22.4.2-0ubuntu0~18.04.1

23.*

23.1.1-0ubuntu0~18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "cloud-init": "23.1.2-0ubuntu0~18.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / cloud-init

Package

Name: cloud-init
Purl: pkg:deb/ubuntu/cloud-init@23.1.2-0ubuntu0~20.04.1?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

23.1.2-0ubuntu0~20.04.1

Affected versions

19.*

19.2-36-g059d049c-0ubuntu3

19.2-78-ge8138959-0ubuntu1

19.3-0ubuntu1

19.3-23-gfb04493e-0ubuntu1

19.3-30-g4bc399e0-0ubuntu1

19.3-40-gf69d33a7-0ubuntu1

19.3-41-gc4735dd3-0ubuntu1

19.3-74-g129b1c4e-0ubuntu1

19.4-1-g8c96cbc1-0ubuntu1

19.4-16-gf8950d63-0ubuntu1

19.4-31-g3f6192b3-0ubuntu1

19.4-33-gbb4131a2-0ubuntu1

19.4-56-g06e324ff-0ubuntu1

20.*

20.1-0ubuntu1

20.1-5-g67c8e53c-0ubuntu1

20.1-9-g1f860e5a-0ubuntu1

20.1-10-g71af48df-0ubuntu1

20.1-10-g71af48df-0ubuntu2

20.1-10-g71af48df-0ubuntu3

20.1-10-g71af48df-0ubuntu5

20.2-45-g5f7825e2-0ubuntu1~20.04.1

20.3-2-g371b392c-0ubuntu1~20.04.1

20.4-0ubuntu1~20.04.1

20.4-0ubuntu1~20.04.2

20.4.1-0ubuntu1~20.04.1

21.*

21.1-19-gbad84ad4-0ubuntu1~20.04.1

21.1-19-gbad84ad4-0ubuntu1~20.04.2

21.2-3-g899bfaa9-0ubuntu2~20.04.1

21.3-1-g6803368d-0ubuntu1~20.04.3

21.3-1-g6803368d-0ubuntu1~20.04.4

21.4-0ubuntu1~20.04.1

22.*

22.1-14-g2e17a0d6-0ubuntu1~20.04.2

22.1-14-g2e17a0d6-0ubuntu1~20.04.3

22.2-0ubuntu1~20.04.1

22.2-0ubuntu1~20.04.2

22.2-0ubuntu1~20.04.3

22.3.4-0ubuntu1~20.04.1

22.4.2-0ubuntu0~20.04.1

22.4.2-0ubuntu0~20.04.2

23.*

23.1.1-0ubuntu0~20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "cloud-init": "23.1.2-0ubuntu0~20.04.1"
        }
    ]
}

Ubuntu:22.04:LTS / cloud-init

Package

Name: cloud-init
Purl: pkg:deb/ubuntu/cloud-init@23.1.2-0ubuntu0~22.04.1?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

23.1.2-0ubuntu0~22.04.1

Affected versions

21.*

21.3-1-g6803368d-0ubuntu3

21.4-0ubuntu1~22.04.1

21.4-25-g039c40f9-0ubuntu1~22.04.1

21.4-119-gdeb3ae82-0ubuntu1~22.04.1

21.4-119-gdeb3ae82-0ubuntu1~22.04.2

22.*

22.1-1-gb3d9acdd-0ubuntu1~22.04.1

22.1-14-g2e17a0d6-0ubuntu1~22.04.1

22.1-14-g2e17a0d6-0ubuntu1~22.04.2

22.1-14-g2e17a0d6-0ubuntu1~22.04.3

22.1-14-g2e17a0d6-0ubuntu1~22.04.4

22.1-14-g2e17a0d6-0ubuntu1~22.04.5

22.2-0ubuntu1~22.04.1

22.2-0ubuntu1~22.04.2

22.2-0ubuntu1~22.04.3

22.3.4-0ubuntu1~22.04.1

22.4.2-0ubuntu0~22.04.1

23.*

23.1.1-0ubuntu0~22.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "cloud-init": "23.1.2-0ubuntu0~22.04.1"
        }
    ]
}