Information on source package cloud-init

Available versions

ReleaseVersion
jessie0.7.6~bzr976-2+deb8u3
stretch0.7.9-2+deb9u1
buster20.2-2~deb10u2
bullseye20.4.1-2+deb11u1
bookworm22.4.2-1+deb12u2
trixie24.3.1-2
sid24.3.1-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-1786vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedSensitive data could be exposed in logs of cloud-init before version 2 ...
CVE-2020-8632fixedvulnerable (no DSA)fixedfixedfixedfixedfixedIn cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...
CVE-2020-8631fixedvulnerable (no DSA)fixedfixedfixedfixedfixedcloud-init through 19.4 relies on Mersenne Twister for a random passwo ...
CVE-2019-0816fixedvulnerable (no DSA)fixedfixedfixedfixedfixedA security feature bypass exists in Azure SSH Keypairs, due to a chang ...

Resolved issues

BugDescription
CVE-2022-2084Sensitive data could be exposed in world readable logs of cloud-init b ...
CVE-2021-3429When instructing cloud-init to set a random password for a new user ac ...
CVE-2012-6639An privilege elevation vulnerability exists in Cloud-init before 0.7.0 ...

Security announcements

DSA / DLADescription
DLA-2601-1cloud-init - security update
DLA-2113-1cloud-init - security update
Search for package or bug name: Reporting problems