FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
nothing found there
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
|8899298f-5a92-11eb-8558-3085a9a47796||cloud-init -- Wrong access permissions of authorized keys|
cloud-init release 20.4.1 is now available. This is a hotfix
release, that contains a single patch to address a security issue in
Briefly, for users who provide more than one unique SSH key to
cloud-init and have a shared AuthorizedKeysFile configured in
sshd_config, cloud-init 20.4 started writing all of these keys to such a
file, granting all such keys SSH access as root.
It's worth restating this implication: if you are using the default
AuthorizedKeysFile setting in /etc/ssh/sshd_config, as most will be,
then you are _not_ affected by this issue.
ge 20.4 lt 20.4.1