{"affected":[{"ecosystem_specific":{"binaries":[{"cloud-init":"23.1-150100.8.63.5","cloud-init-config-suse":"23.1-150100.8.63.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 15 SP1","name":"cloud-init","purl":"pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"23.1-150100.8.63.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cloud-init":"23.1-150100.8.63.5","cloud-init-config-suse":"23.1-150100.8.63.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 15 SP2","name":"cloud-init","purl":"pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"23.1-150100.8.63.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cloud-init":"23.1-150100.8.63.5","cloud-init-config-suse":"23.1-150100.8.63.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 15 SP3","name":"cloud-init","purl":"pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"23.1-150100.8.63.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cloud-init":"23.1-150100.8.63.5","cloud-init-config-suse":"23.1-150100.8.63.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 15 SP4","name":"cloud-init","purl":"pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"23.1-150100.8.63.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cloud-init":"23.1-150100.8.63.5","cloud-init-config-suse":"23.1-150100.8.63.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 15 SP5","name":"cloud-init","purl":"pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"23.1-150100.8.63.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cloud-init":"23.1-150100.8.63.5","cloud-init-config-suse":"23.1-150100.8.63.5","cloud-init-doc":"23.1-150100.8.63.5"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"cloud-init","purl":"pkg:rpm/opensuse/cloud-init&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"23.1-150100.8.63.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cloud-init":"23.1-150100.8.63.5","cloud-init-config-suse":"23.1-150100.8.63.5","cloud-init-doc":"23.1-150100.8.63.5"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"cloud-init","purl":"pkg:rpm/opensuse/cloud-init&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"23.1-150100.8.63.5"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cloud-init fixes the following issues:\n\n- CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277)\n- CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652)\n    \n- Update to version 23.1\n\n  + Support transactional-updates for SUSE based distros\n  + Set ownership for new folders in Write Files Module\n  + add OpenCloudOS and TencentOS support\n  + lxd: Retry if the server isn't ready \n  + test: switch pycloudlib source to pypi \n  + test: Fix integration test deprecation message \n  + Recognize opensuse-microos, dev tooling fixes \n  + sources/azure: refactor imds handler into own module \n  + docs: deprecation generation support \n  + add function is_virtual to distro/FreeBSD\n  + cc_ssh: support multiple hostcertificates \n  + Fix minor schema validation regression and fixup typing \n  + doc: Reword user data debug section \n  + cli: schema also validate vendordata*.\n  + ci: sort and add checks for cla signers file \n  + Add 'ederst' as contributor\n  + readme: add reference to packages dir \n  + docs: update downstream package list \n  + docs: add google search verification \n  + docs: fix 404 render use default notfound_urls_prefix in RTD conf\n  + Fix OpenStack datasource detection on bare metal\n  + docs: add themed RTD 404 page and pointer to readthedocs-hosted \n  + schema: fix gpt labels, use type string for GUID \n  + cc_disk_setup: code cleanup \n  + netplan: keep custom strict perms when 50-cloud-init.yaml exists\n  + cloud-id: better handling of change in datasource files\n  + Warn on empty network key \n  + Fix Vultr cloud_interfaces usage \n  + cc_puppet: Update puppet service name \n  + docs: Clarify networking docs \n  + lint: remove httpretty \n  + cc_set_passwords: Prevent traceback when restarting ssh \n  + tests: fix lp1912844 \n  + tests: Skip ansible test on bionic \n  + Wait for NetworkManager \n  + docs: minor polishing \n  + CI: migrate integration-test to GH actions \n  + Fix permission of SSH host keys \n  + Fix default route rendering on v2 ipv6\n  + doc: fix path in net_convert command \n  + docs: update net_convert docs\n  + doc: fix dead link\n  + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty\n  + distros/rhel.py: _read_hostname() missing strip on 'hostname'\n  + integration tests: add  IBM VPC support \n  + machine-id: set to uninitialized to trigger regeneration on clones\n  + sources/azure: retry on connection error when fetching metdata \n  + Ensure ssh state accurately obtained \n  + bddeb: drop dh-systemd dependency on newer deb-based releases \n  + doc: fix `config formats` link in cloudsigma.rst \n  + Fix wrong subp syntax in cc_set_passwords.py \n  + docs: update the PR template link to readthedocs \n  + ci: switch unittests to gh actions\n  + Add mount_default_fields for PhotonOS. \n  + sources/azure: minor refactor for metadata source detection logic\n  + add 'CalvoM' as contributor \n  + ci: doc to gh actions \n  + lxd: handle 404 from missing devices route for LXD 4.0 \n  + docs: Diataxis overhaul \n  + vultr: Fix issue regarding cache and region codes \n  + cc_set_passwords: Move ssh status checking later \n  + Improve Wireguard module idempotency \n  + network/netplan: add gateways as on-link when necessary \n  + tests: test_lxd assert features.networks.zones when present \n  + Use btrfs enquque when available (#1926) [Robert Schweikert]\n  + sources/azure: fix device driver matching for net config (#1914)\n  + BSD: fix duplicate macs in Ifconfig parser \n  + pycloudlib: add lunar support for integration tests \n  + nocloud: add support for dmi variable expansion for seedfrom URL\n  + tools: read-version drop extra call to git describe --long\n  + doc: improve cc_write_files doc\n  + read-version: When insufficient tags, use cloudinit.version.get_version\n  + mounts: document weird prefix in schema \n  + Ensure network ready before cloud-init service runs on RHEL\n  + docs: add copy button to code blocks \n  + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag\n  + azure: fix support for systems without az command installed \n  + Fix the distro.osfamily output problem in the openEuler system. \n  + pycloudlib: bump commit dropping azure api smoke test\n  + net: netplan config root read-only as wifi config can contain creds\n  + autoinstall: clarify docs for users\n  + sources/azure: encode health report as utf-8 \n  + Add back gateway4/6 deprecation to docs \n  + networkd: Add support for multiple [Route] sections \n  + doc: add qemu tutorial \n  + lint: fix tip-flake8 and tip-mypy \n  + Add support for setting uid when creating users on FreeBSD \n  + Fix exception in BSD networking code-path \n  + Append derivatives to is_rhel list in cloud.cfg.tmpl \n  + FreeBSD init: use cloudinit_enable as only rcvar \n  + feat: add support aliyun metadata security harden mode \n  + docs: uprate analyze to performance page\n  + test: fix lxd preseed managed network config \n  + Add support for static IPv6 addresses for FreeBSD \n  + Make 3.12 failures not fail the build \n  + Docs: adding relative links \n  + Fix setup.py to align with PEP 440 versioning replacing trailing\n  + Add 'nkukard' as contributor \n  + doc: add how to render new module doc \n  + doc: improve module creation explanation \n  + Add Support for IPv6 metadata to OpenStack \n  + add xiaoge1001 to .github-cla-signers\n  + network: Deprecate gateway{4,6} keys in network config v2\n  + VMware: Move Guest Customization transport from OVF to VMware\n  + doc: home page links added\n  + net: skip duplicate mac check for netvsc nic and its VF\n\nThis update for python-responses fixes the following issues:\n  \n- update to 0.21.0:\n  * Add `threading.Lock()` to allow `responses` working with `threading` module.\n  * Add `urllib3` `Retry` mechanism. See #135\n  * Removed internal `_cookies_from_headers` function\n  * Now `add`, `upsert`, `replace` methods return registered response.\n    `remove` method returns list of removed responses.\n  * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument\n  * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)`\n    to your function to validate that all requests were executed in the wrapped function. See #183\n\n  \n","id":"SUSE-SU-2023:2628-1","modified":"2023-06-23T19:44:04Z","published":"2023-06-23T19:44:04Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20232628-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1171511"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203393"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210277"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210652"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2084"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-1786"}],"related":["CVE-2022-2084","CVE-2023-1786"],"summary":"Security update for cloud-init","upstream":["CVE-2022-2084","CVE-2023-1786"]}