cloud-init 23.1.2-0ubuntu0~22.04.1 source package in Ubuntu

Changelog

cloud-init (23.1.2-0ubuntu0~22.04.1) jammy; urgency=medium

  * SECURITY UPDATE: Make user/vendor data sensitive and remove log permissions
    Because user data and vendor data may contain sensitive information,
    this commit ensures that any user data or vendor data written to
    instance-data.json gets redacted and is only available to root user.

    Also, modify the permissions of cloud-init.log to be 640, so that
    sensitive data leaked to the log isn't world readable.
    Additionally, remove the logging of user data and vendor data to
    cloud-init.log from the Vultr datasource.

    This is based on upstream snapshot of 23.1.2 [(LP: #2013967)]

    - d/cloud-init.postinst: postinst fixes for LP: #2013967
      Redact sensitive keys from world-readable instance-data.json on upgrade.
      Set perms 640 for /var/log/cloud-init.log on pkg upgrade.
      Redact sensitive Vultr messages from /var/log/cloud-init.log
    - (CVE-2023-1786)

 -- James Falcon <email address hidden>  Thu, 20 Apr 2023 20:37:40 -0500

Upload details

Uploaded by:
James Falcon
Sponsored by:
Chad Smith
Uploaded to:
Jammy
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Jammy security main admin

Builds

Jammy: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
cloud-init_23.1.2.orig.tar.gz 1.5 MiB 4c3a2499d9953902a550e2134cceb5a9afd2324009404f6d52bb82d3e96dec3f
cloud-init_23.1.2-0ubuntu0~22.04.1.debian.tar.xz 87.3 KiB 5e82b46d975661f3f73cb3ba00fe2023ff05797b9178d67122b655548e454d73
cloud-init_23.1.2-0ubuntu0~22.04.1.dsc 2.2 KiB d1efd7d312faac55b2c69ff268eb977f07663d6617e7dbf0a607bf4e0330d65e

View changes file

Binary packages built by this source

cloud-init: initialization and customization tool for cloud instances

 Cloud-init is the industry standard multi-distribution method for
 cross-platform cloud instance initialization. It is supported across all major
 public cloud providers, provisioning systems for private cloud infrastructure,
 and bare-metal installations.
 .
 Cloud instances are initialized from a disk image and instance data:
 .
  * Cloud metadata
  * User data (optional)
  * Vendor data (optional)
 .
 Cloud-init will identify the cloud it is running on during boot, read any
 provided metadata from the cloud and initialize the system accordingly. This
 may involve setting up the network and storage devices to configuring SSH
 access key and many other aspects of a system. Later on the cloud-init will
 also parse and process any optional user or vendor data that was passed to
 the instance.