Ubuntu has issued an advisory on April 26: https://ubuntu.com/security/notices/USN-6042-1 The issue is fixed upstream in 23.1.2. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 23.1.2Whiteboard: (none) => MGA8TOO
cloud-init has no obvious maintainer, so assigning this update globally. CC'ing NicolasL who put v22.3 into Cauldron.
CC: (none) => mageiaAssignee: bugsquad => pkg-bugs
Fedora has issued an advisory for this today (May 7): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ/
SUSE has issued an advisory for this on May 10: https://lists.suse.com/pipermail/sle-security-updates/2023-May/014831.html
Fast check in RPMFind shows that OpenMandriva has cloud-init 23.1. There a lot of difference between version 20 and 23. Also enhancement request is open in the Canonical's repo: https://github.com/canonical/cloud-init/issues/4396
CC: (none) => rkarpuzov
CC: (none) => nicolas.salgueroCVE: (none) => CVE-2023-1786Version: Cauldron => 9Whiteboard: MGA8TOO => (none)