diff options
author | James Falcon <james.falcon@canonical.com> | 2023-04-21 14:28:06 -0500 |
---|---|---|
committer | James Falcon <james.falcon@canonical.com> | 2023-04-21 14:28:06 -0500 |
commit | 31610632c51b47e6740cc8fdc9efc5e0f43e82fb (patch) | |
tree | ef7904e17ac951f6cafbbcdf2195996e4daba250 | |
parent | 3d652585515b30154c70cdf915759f52664adecb (diff) | |
download | cloud-init-git-31610632c51b47e6740cc8fdc9efc5e0f43e82fb.tar.gz |
update changelog
-rw-r--r-- | debian/changelog | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog index 4e944234..742b10f0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,24 @@ cloud-init (23.1.2-0ubuntu0~20.04.1) UNRELEASED; urgency=medium - * Upstream snapshot based on 23.1.2. - List of changes from upstream can be found at - https://raw.githubusercontent.com/canonical/cloud-init/23.1.2/ChangeLog + * SECURITY UPDATE: Make user/vendor data sensitive and remove log permissions + Because user data and vendor data may contain sensitive information, + this commit ensures that any user data or vendor data written to + instance-data.json gets redacted and is only available to root user. + + Also, modify the permissions of cloud-init.log to be 640, so that + sensitive data leaked to the log isn't world readable. + Additionally, remove the logging of user data and vendor data to + cloud-init.log from the Vultr datasource. + + This is based on upstream snapshot of 23.1.2 [(LP: #2013967)] + + - d/cloud-init.postinst: postinst fixes for LP: #2013967 + Redact sensitive keys from world-readable instance-data.json on upgrade. + Set perms 640 for /var/log/cloud-init.log on pkg upgrade. + Redact sensitive Vultr messages from /var/log/cloud-init.log + - (CVE-2023-1786) - -- James Falcon <james.falcon@canonical.com> Fri, 21 Apr 2023 14:24:46 -0500 + -- James Falcon <james.falcon@canonical.com> Thu, 06 Apr 2023 14:09:32 -0500 cloud-init (23.1.1-0ubuntu0~20.04.1) focal; urgency=medium |