Not a user yet?
Log in Register for free Suggest a product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Update

USN-7677-1: cloud-init vulnerabilities

Ubuntu ServerUbuntu Server
Canonical
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

USN-7677-1: cloud-init vulnerabilities
Publication date: 28 July 2025
Overview: Several security issues were fixed in cloud-init.

Packages
cloud-init - initialization and customization tool for cloud instances
Details
Harry Sintonen discovered that the hotplugd socket in cloud-init was world
writable. An attacker could possibly use this issue to send hotplug-hook
commands. (CVE-2024-11584)

It was discovered that cloud-init granted root access to a hardcoded URL
with a local IP address when a non-x86 platform is detected. An attacker
could possibly impersonate an OpenStack endpoint and provide root
configuration data. (CVE-2024-6174)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version

  • 24.04 noble: cloud-init – 25.1.4-0ubuntu0~24.04.1
Version: 24.04 LTS Link
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Canonical Ubuntu Server updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad