Summary: | CVE-2018-10896 cloud-init: default configuration disabled deletion of SSH host keys [rhel-7] | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Khramov Anton <kay.diam> | |
Component: | cloud-init | Assignee: | Eduardo Otubo <eterrell> | |
Status: | CLOSED ERRATA | QA Contact: | Huijuan Zhao <huzhao> | |
Severity: | low | Docs Contact: | ||
Priority: | low | |||
Version: | 7.5 | CC: | dmoppert, eterrell, huzhao, jeharris, jgreguske, linl, ribarry, rmccabe, thoger, virt-maint, xiachen, yacao, yujiang, yuxisun | |
Target Milestone: | rc | Keywords: | SecurityTracking, Triaged | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | cloud-init-19.4-2.el7 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1814152 (view as bug list) | Environment: | ||
Last Closed: | 2020-09-29 19:48:41 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Bug Depends On: | ||||
Bug Blocks: | 1598831, 1814152 | |||
Deadline: | 2020-01-02 |
Description
Khramov Anton
2018-05-03 05:36:00 UTC
Tested with rhel-7.9(3.10.0-1128.el7.x86_64) + cloud-init-19.4-2.el7.x86_64, the issue is fixed. 1. There's "ssh_deletekeys: 1" and "ssh_genkeytypes: ~" in /etc/cloud/cloud.cfg. 2. Compare the content of /etc/ssh/ssh_host_*key* between VM1 and image: The content are different between VM1 and image. SSH host keys are regenerated for the new instance. Change the status to VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: cloud-init security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:3898 |