|
|
Subscribe / Log in / New account

Oracle alert ELSA-2025-11324 (cloud-init)



From:
              Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>


To:
              el-errata@oss.oracle.com


Subject:
              [El-errata] ELSA-2025-11324 Important: Oracle Linux 8 cloud-init security update


Date:
              Tue, 22 Jul 2025 05:44:15 -0700


Message-ID:
              <mailman.167.1753188264.3112399.el-errata@oss.oracle.com>


Oracle Linux Security Advisory ELSA-2025-11324

http://linux.oracle.com/errata/ELSA-2025-11324.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
cloud-init-23.4-7.0.2.el8_10.10.noarch.rpm

aarch64:
cloud-init-23.4-7.0.2.el8_10.10.noarch.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/cloud-init-23.4-7...

Related CVEs:

CVE-2024-6174




Description of changes:

[23.4-7.0.2.el8_10.10]
- Fixes regression in cloud-init with module cc_write_files_deferred [Orabug: 37382965]
- Update IPv6 IMDS endpoint to ULA and drop NIC identifier [Orabug: 35965980]
- Enable IPv6 [Orabug: 36502414]
- Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938]
- Increase retry value and add timeout for OCI [Orabug: 35329883]
- Fix log file permissions [Orabug: 35302985]
- Update detection logic for OL distros in config template [Orabug: 34845400]
- Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938]
- Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672]
- limit permissions [Orabug: 31352433]
- Changes to ignore all enslaved interfaces [Orabug: 30092148]
- Fix swap file size allocation logic to allocate maxsize [Orabug: 29952349]
- Make Oracle datasource detect dracut based config files [Orabug: 29956753]
- add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch:
  1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata
  2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader
  Resolves: Oracle-Bug:41660 (Bugzilla)
- added OL to list of known distros

[23.4.0.1]
- Apply OpenELA fixes

[23.4-7.el8.10]
- ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch [RHEL-100606]
- ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch [RHEL-100606]
- Resolves: RHEL-100606
  (CVE-2024-6174 cloud-init: From CVEorg collector [rhel-8.10.z])


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds