author | James Falcon <james.falcon@canonical.com> | 2023-04-20 16:39:08 -0500 |
---|---|---|
committer | James Falcon <james.falcon@canonical.com> | 2023-04-21 13:11:09 -0500 |
commit | 7b8063e180f25f16c8ba1c7d9371066efdc67df3 (patch) | |
tree | 6f5f6edc588d8d0d79afc56c39460873752e0b7a | |
parent | 86606eb493f251899c1c6784e8d26743d6a379d2 (diff) | |
download | cloud-init-git-7b8063e180f25f16c8ba1c7d9371066efdc67df3.tar.gz |
update changelog
-rw-r--r-- | debian/changelog | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 64dd2521..6d44dc21 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,25 @@ +cloud-init (23.1.2-0ubuntu0~22.04.1) UNRELEASED; urgency=medium + + * SECURITY UPDATE: Make user/vendor data sensitive and remove log permissions + Because user data and vendor data may contain sensitive information, + this commit ensures that any user data or vendor data written to + instance-data.json gets redacted and is only available to root user. + + Also, modify the permissions of cloud-init.log to be 640, so that + sensitive data leaked to the log isn't world readable. + Additionally, remove the logging of user data and vendor data to + cloud-init.log from the Vultr datasource. + + This is based on upstream snapshot of 23.1.2 [(LP: #2013967)] + + - d/cloud-init.postinst: postinst fixes for LP: #2013967 + Redact sensitive keys from world-readable instance-data.json on upgrade. + Set perms 640 for /var/log/cloud-init.log on pkg upgrade. + Redact sensitive Vultr messages from /var/log/cloud-init.log + - (CVE-2023-1786) + + -- James Falcon <james.falcon@canonical.com> Thu, 06 Apr 2023 14:09:32 -0500 + cloud-init (23.1.1-0ubuntu0~22.04.1) jammy; urgency=medium * d/patches/retain-netplan-world-readable.patch: |
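Review bot: The SECURITY UPDATE headline of the new 23.1.2-0ubuntu0~22.04.1 entry says "remove log permissions", but the body says the mode of cloud-init.log is changed to 640, so nothing is removed; wording such as "restrict log permissions" would match what the entry goes on to describe. The entry is also still marked UNRELEASED while the entry below it targets jammy, so the distribution field needs to be set before upload. The commit message "update changelog" gives no hint that this is the CVE-2023-1786 security entry; naming the CVE or LP: #2013967 there would make the commit easier to find later.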