USN-6042-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-6042-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6042-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6042-1
Related
Published
2023-04-26T17:59:50.940380Z
Modified
2023-04-26T17:59:50.940380Z
Summary
cloud-init vulnerability
Details

James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

References

Affected packages

Ubuntu:Pro:16.04:LTS / cloud-init

Package

Name
cloud-init
Purl
pkg:deb/ubuntu/cloud-init?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
21.1-19-gbad84ad4-0ubuntu1~16.04.4

Affected versions

0.*

0.7.7~bzr1149-0ubuntu1
0.7.7~bzr1154-0ubuntu1
0.7.7~bzr1155-0ubuntu1
0.7.7~bzr1156-0ubuntu1
0.7.7~bzr1156-0ubuntu2
0.7.7~bzr1160-0ubuntu1
0.7.7~bzr1176-0ubuntu1
0.7.7~bzr1182-0ubuntu1
0.7.7~bzr1189-0ubuntu1
0.7.7~bzr1192-0ubuntu1
0.7.7~bzr1192-0ubuntu2
0.7.7~bzr1200-0ubuntu1
0.7.7~bzr1208-0ubuntu1
0.7.7~bzr1209-0ubuntu1
0.7.7~bzr1212-0ubuntu1
0.7.7~bzr1246-0ubuntu1~16.04.1
0.7.7~bzr1256-0ubuntu1~16.04.1
0.7.8-1-g3705bb5-0ubuntu1~16.04.1
0.7.8-1-g3705bb5-0ubuntu1~16.04.3
0.7.8-49-g9e904bb-0ubuntu1~16.04.1
0.7.8-49-g9e904bb-0ubuntu1~16.04.2
0.7.8-49-g9e904bb-0ubuntu1~16.04.3
0.7.8-49-g9e904bb-0ubuntu1~16.04.4
0.7.9-0ubuntu1~16.04.2
0.7.9-48-g1c795b9-0ubuntu1~16.04.1
0.7.9-90-g61eb03fe-0ubuntu1~16.04.1
0.7.9-113-g513e99e0-0ubuntu1~16.04.1
0.7.9-153-g16a7302f-0ubuntu1~16.04.1
0.7.9-153-g16a7302f-0ubuntu1~16.04.2
0.7.9-233-ge586fe35-0ubuntu1~16.04.1
0.7.9-233-ge586fe35-0ubuntu1~16.04.2

17.*

17.1-27-geb292c18-0ubuntu1~16.04.1
17.1-46-g7acc9e68-0ubuntu1~16.04.1
17.2-35-gf576b2a2-0ubuntu1~16.04.2

18.*

18.2-4-g05926e48-0ubuntu1~16.04.1
18.2-4-g05926e48-0ubuntu1~16.04.2
18.3-9-g2e62cb8a-0ubuntu1~16.04.2
18.4-0ubuntu1~16.04.2
18.5-21-g8ee294d5-0ubuntu1~16.04.1
18.5-45-g3554ffe8-0ubuntu1~16.04.1

19.*

19.1-1-gbaa47854-0ubuntu1~16.04.1
19.2-24-ge7881d5c-0ubuntu1~16.04.1
19.2-36-g059d049c-0ubuntu1~16.04.1
19.2-36-g059d049c-0ubuntu2~16.04.1
19.3-41-gc4735dd3-0ubuntu1~16.04.1
19.4-33-gbb4131a2-0ubuntu1~16.04.1

20.*

20.2-45-g5f7825e2-0ubuntu1~16.04.1
20.3-2-g371b392c-0ubuntu1~16.04.1
20.4-0ubuntu1~16.04.1
20.4-0ubuntu1~16.04.2
20.4.1-0ubuntu1~16.04.1

21.*

21.1-19-gbad84ad4-0ubuntu1~16.04.1
21.1-19-gbad84ad4-0ubuntu1~16.04.2

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "21.1-19-gbad84ad4-0ubuntu1~16.04.4",
            "binary_name": "cloud-init"
        },
        {
            "binary_version": "21.1-19-gbad84ad4-0ubuntu1~16.04.4",
            "binary_name": "ec2-init"
        },
        {
            "binary_version": "21.1-19-gbad84ad4-0ubuntu1~16.04.4",
            "binary_name": "grub-legacy-ec2"
        }
    ]
}

Ubuntu:18.04:LTS / cloud-init

Package

Name
cloud-init
Purl
pkg:deb/ubuntu/cloud-init?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
23.1.2-0ubuntu0~18.04.1

Affected versions

17.*

17.1-18-gd4f70470-0ubuntu1
17.1-25-g17a15f9e-0ubuntu1~17.10.1
17.1-25-g17a15f9e-0ubuntu1
17.1-27-geb292c18-0ubuntu1
17.1-41-g76243487-0ubuntu1
17.1-46-g7acc9e68-0ubuntu1
17.1-51-g05b2308a-0ubuntu1
17.1-53-ga5dc0f42-0ubuntu1
17.1-58-g703241a3-0ubuntu1
17.1-60-ga30a3bb5-0ubuntu1
17.2-1-g4089e20c-0ubuntu1
17.2-9-gdf24daa8-0ubuntu1
17.2-13-g6299e8d0-0ubuntu1
17.2-20-g32a6a176-0ubuntu1
17.2-25-gc03bdd3d-0ubuntu1
17.2-30-gf7deaf15-0ubuntu1
17.2-34-g644048e3-0ubuntu1

18.*

18.1-0ubuntu1
18.1-5-g40e77380-0ubuntu1
18.1-17-g97012fbb-0ubuntu1
18.1-23-gde34dc7c-0ubuntu1
18.1-26-g685f9901-0ubuntu1
18.1-35-ge0f644b7-0ubuntu1
18.1-35-ge0f644b7-0ubuntu2
18.2-0ubuntu1
18.2-4-g05926e48-0ubuntu1
18.2-4-g05926e48-0ubuntu2
18.2-9-g49b562c9-0ubuntu1
18.2-14-g6d48d265-0ubuntu1
18.2-27-g6ef92c98-0ubuntu1~18.04.1
18.3-9-g2e62cb8a-0ubuntu1~18.04.2
18.4-0ubuntu1~18.04.1
18.5-21-g8ee294d5-0ubuntu1~18.04.1
18.5-45-g3554ffe8-0ubuntu1~18.04.1

19.*

19.1-1-gbaa47854-0ubuntu1~18.04.1
19.2-24-ge7881d5c-0ubuntu1~18.04.1
19.2-36-g059d049c-0ubuntu1~18.04.1
19.2-36-g059d049c-0ubuntu2~18.04.1
19.3-41-gc4735dd3-0ubuntu1~18.04.1
19.4-33-gbb4131a2-0ubuntu1~18.04.1

20.*

20.2-45-g5f7825e2-0ubuntu1~18.04.1
20.3-2-g371b392c-0ubuntu1~18.04.1
20.4-0ubuntu1~18.04.1
20.4-0ubuntu1~18.04.2
20.4.1-0ubuntu1~18.04.1

21.*

21.1-19-gbad84ad4-0ubuntu1~18.04.1
21.1-19-gbad84ad4-0ubuntu1~18.04.2
21.2-3-g899bfaa9-0ubuntu2~18.04.1
21.3-1-g6803368d-0ubuntu1~18.04.3
21.3-1-g6803368d-0ubuntu1~18.04.4
21.4-0ubuntu1~18.04.1

22.*

22.1-14-g2e17a0d6-0ubuntu1~18.04.2
22.1-14-g2e17a0d6-0ubuntu1~18.04.3
22.2-0ubuntu1~18.04.1
22.2-0ubuntu1~18.04.2
22.2-0ubuntu1~18.04.3
22.3.4-0ubuntu1~18.04.1
22.4.2-0ubuntu0~18.04.1

23.*

23.1.1-0ubuntu0~18.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "23.1.2-0ubuntu0~18.04.1",
            "binary_name": "cloud-init"
        }
    ]
}

Ubuntu:20.04:LTS / cloud-init

Package

Name
cloud-init
Purl
pkg:deb/ubuntu/cloud-init?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
23.1.2-0ubuntu0~20.04.1

Affected versions

19.*

19.2-36-g059d049c-0ubuntu3
19.2-78-ge8138959-0ubuntu1
19.3-0ubuntu1
19.3-23-gfb04493e-0ubuntu1
19.3-30-g4bc399e0-0ubuntu1
19.3-40-gf69d33a7-0ubuntu1
19.3-41-gc4735dd3-0ubuntu1
19.3-74-g129b1c4e-0ubuntu1
19.4-1-g8c96cbc1-0ubuntu1
19.4-16-gf8950d63-0ubuntu1
19.4-31-g3f6192b3-0ubuntu1
19.4-33-gbb4131a2-0ubuntu1
19.4-56-g06e324ff-0ubuntu1

20.*

20.1-0ubuntu1
20.1-5-g67c8e53c-0ubuntu1
20.1-9-g1f860e5a-0ubuntu1
20.1-10-g71af48df-0ubuntu1
20.1-10-g71af48df-0ubuntu2
20.1-10-g71af48df-0ubuntu3
20.1-10-g71af48df-0ubuntu5
20.2-45-g5f7825e2-0ubuntu1~20.04.1
20.3-2-g371b392c-0ubuntu1~20.04.1
20.4-0ubuntu1~20.04.1
20.4-0ubuntu1~20.04.2
20.4.1-0ubuntu1~20.04.1

21.*

21.1-19-gbad84ad4-0ubuntu1~20.04.1
21.1-19-gbad84ad4-0ubuntu1~20.04.2
21.2-3-g899bfaa9-0ubuntu2~20.04.1
21.3-1-g6803368d-0ubuntu1~20.04.3
21.3-1-g6803368d-0ubuntu1~20.04.4
21.4-0ubuntu1~20.04.1

22.*

22.1-14-g2e17a0d6-0ubuntu1~20.04.2
22.1-14-g2e17a0d6-0ubuntu1~20.04.3
22.2-0ubuntu1~20.04.1
22.2-0ubuntu1~20.04.2
22.2-0ubuntu1~20.04.3
22.3.4-0ubuntu1~20.04.1
22.4.2-0ubuntu0~20.04.1
22.4.2-0ubuntu0~20.04.2

23.*

23.1.1-0ubuntu0~20.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "23.1.2-0ubuntu0~20.04.1",
            "binary_name": "cloud-init"
        }
    ]
}

Ubuntu:22.04:LTS / cloud-init

Package

Name
cloud-init
Purl
pkg:deb/ubuntu/cloud-init?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
23.1.2-0ubuntu0~22.04.1

Affected versions

21.*

21.3-1-g6803368d-0ubuntu3
21.4-0ubuntu1~22.04.1
21.4-25-g039c40f9-0ubuntu1~22.04.1
21.4-119-gdeb3ae82-0ubuntu1~22.04.1
21.4-119-gdeb3ae82-0ubuntu1~22.04.2

22.*

22.1-1-gb3d9acdd-0ubuntu1~22.04.1
22.1-14-g2e17a0d6-0ubuntu1~22.04.1
22.1-14-g2e17a0d6-0ubuntu1~22.04.2
22.1-14-g2e17a0d6-0ubuntu1~22.04.3
22.1-14-g2e17a0d6-0ubuntu1~22.04.4
22.1-14-g2e17a0d6-0ubuntu1~22.04.5
22.2-0ubuntu1~22.04.1
22.2-0ubuntu1~22.04.2
22.2-0ubuntu1~22.04.3
22.3.4-0ubuntu1~22.04.1
22.4.2-0ubuntu0~22.04.1

23.*

23.1.1-0ubuntu0~22.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "23.1.2-0ubuntu0~22.04.1",
            "binary_name": "cloud-init"
        }
    ]
}