Bug 31881

Summary: cloud-init new security issue CVE-2023-1786
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: NEW --- QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: mageia, nicolas.salguero, rkarpuzov
Version: 9   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: cloud-init-20.4.1-3.mga9.src.rpm CVE: CVE-2023-1786
Status comment: Fixed upstream in 23.1.2

Description David Walser 2023-05-06 22:54:35 CEST 
Ubuntu has issued an advisory on April 26:
https://ubuntu.com/security/notices/USN-6042-1

The issue is fixed upstream in 23.1.2.

Mageia 8 is also affected.
David Walser 2023-05-06 22:54:51 CEST

Status comment: (none) => Fixed upstream in 23.1.2
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2023-05-07 21:06:31 CEST 
cloud-init has no obvious maintainer, so assigning this update globally.
CC'ing NicolasL who put v22.3 into Cauldron.

CC: (none) => mageia
Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2023-05-07 21:31:17 CEST 
Fedora has issued an advisory for this today (May 7):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ/
Comment 3 David Walser 2023-05-11 18:03:19 CEST 
SUSE has issued an advisory for this on May 10:
https://lists.suse.com/pipermail/sle-security-updates/2023-May/014831.html
Comment 4 Rossen Karpuzov 2023-11-20 10:16:12 CET 
Fast check in RPMFind shows that OpenMandriva has cloud-init 23.1. There a lot of difference between version 20 and 23. 
Also enhancement request is open in the Canonical's repo: https://github.com/canonical/cloud-init/issues/4396

CC: (none) => rkarpuzov

Nicolas Salguero 2024-03-14 11:48:04 CET

CC: (none) => nicolas.salguero
CVE: (none) => CVE-2023-1786
Version: Cauldron => 9
Whiteboard: MGA8TOO => (none)