ELSA-2023-6943

ELSA-2023-6943 - cloud-init security, bug fix, and enhancement update

Type:SECURITY
Severity:MODERATE
Release Date:2023-11-17

Description


[23.1.1-10.0.1]
- Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938]
- Add IPv6 IMDS and dhcp6 support for Oracle Datasource [Orabug: 35470783]
- Increase retry value and add timeout for OCI [Orabug: 35329883]
- Fix log file permissions [Orabug: 35302985]
- Update detection logic for OL distros in config template [Orabug: 34845400]
- Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938]
- Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672]
- limit permissions [Orabug: 31352433]
- Changes to ignore all enslaved interfaces [Orabug: 30092148]
- Fix swap file size allocation logic to allocate maxsize [Orabug: 29952349]
- Make Oracle datasource detect dracut based config files [Orabug: 29956753]
- add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch:
1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata
2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader
Resolves: Oracle-Bug:41660 (Bugzilla)
- added OL to list of known distros

[23.1.1-10]
- Resolves: bz#2233047
([RHEL 8.9] Inform user when cloud-init generated config files are left during uninstalling)

[23.1.1-9]
- ci-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch [bz#2229460]
- Resolves: bz#2229460
([rhel-8.9] [RFE] Configure 'ipv6.addr-gen-mode=eui64' as default in NetworkManager)

[23.1.1-8]
- ci-DS-VMware-modify-a-few-log-level-4284.patch [bz#2223810]
- Resolves: bz#2223810
([cloud-init] [RHEL8.9]There are warning logs if dev has more than one IPV6 address on ESXi)

[23.1.1-7]
- ci-logging-keep-current-file-mode-of-log-file-if-its-st.patch [bz#2222501]
- Resolves: bz#2222501
(Don't change log permissions if they are already more restrictive [rhel-8])

[23.1.1-6]
- ci-Revert-Manual-revert-Use-Network-Manager-and-Netplan.patch [bz#2219528]
- ci-Revert-Revert-Add-native-NetworkManager-support-1224.patch [bz#2219528]
- ci-nm-generate-ipv6-stateful-dhcp-config-at-par-with-sy.patch [bz#2219528]
- ci-network_manager-add-a-method-for-ipv6-static-IP-conf.patch [bz#2219528]
- ci-net-sysconfig-enable-sysconfig-renderer-if-network-m.patch [bz#2219528]
- ci-network-manager-Set-higher-autoconnect-priority-for-.patch [bz#2219528]
- ci-Set-default-renderer-as-sysconfig-for-centos-rhel-41.patch [bz#2219528]
- Resolves: bz#2219528
([RHEL8] Support configuring network by NM keyfiles)

[23.1.1-5]
- ci-Add-warning-during-upgrade-from-an-old-version-with-.patch [bz#2210012]
- Resolves: bz#2210012
([cloud-init] System didn't generate ssh host keys and lost ssh connection after cloud-init removed them with updated cloud-init package.)

[23.1.1-3]
- ci-Don-t-change-permissions-of-netrules-target-2076.patch [bz#2182947]
- ci-Make-user-vendor-data-sensitive-and-remove-log-permi.patch [bz#2190081]
- Resolves: bz#2182947
(Request to backport 'Don't change permissions of netrules target (#2076)')
- Resolves: bz#2190081
(CVE-2023-1786 cloud-init: sensitive data could be exposed in logs [rhel-8])

[23.1.1-2]
- ci-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch [bz#2182407]
- Resolves: bz#2182407
(cloud-init strips new line from '/etc/hostname' when processing '/var/lib/cloud/data/previous-hostname')

[23.1.1-1]
- limit-permissions-on-def_log_file.patch
- Resolves bz#1424612
- include-NOZEROCONF-yes-in-etc-sysconfig-network.patch
- Resolves bz#1653131
- Rebase to 23.1.1 [bz#2172821]
- Resolves: bz#2172821


Related CVEs


CVE-2023-1786

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) cloud-init-23.1.1-10.0.1.el8.src.rpm101ffbd4a2f61fb9d5baa824feb4ec95-ol8_aarch64_appstream
cloud-init-23.1.1-10.0.1.el8.noarch.rpmbb20d8bfcc808871571570866274edbf-ol8_aarch64_appstream
Oracle Linux 8 (x86_64) cloud-init-23.1.1-10.0.1.el8.src.rpm101ffbd4a2f61fb9d5baa824feb4ec95-ol8_x86_64_appstream
cloud-init-23.1.1-10.0.1.el8.noarch.rpmbb20d8bfcc808871571570866274edbf-ol8_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete