MGASA-2021-0494

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0494.html

Import Source

https://advisories.mageia.org/MGASA-2021-0494.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0494

Related

CVE-2021-3429

Published

2021-10-29T19:32:22Z

Modified

2021-10-29T18:54:35Z

Summary

Updated cloud-init packages fix security vulnerability

Details

cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM'

When instructing cloud-init to set a random password for a new user account, versions before 21.1.19 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user (CVE-2021-3429).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2021-0494

Affected packages