The resolution for this security bug comprises two fixes: one for the runtime logic that cloud-init runs on first boot and on every reboot, and one for the downstream packaging postinstall script, to allow for patching /run/cloud-init/instance-data.json on systems which may not reboot.
The commits are below:
1. upstream commit in main to set perms 640 always and redact instance-data.json
   https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b
2. postinstall downstream fix to perform the same operations across package upgrade
   https://github.com/canonical/cloud-init/commit/86606eb493f251899c1c6784e8d26743d6a379d2
Separately, a backport to Xenial (16.04) packaging postinst for Ubuntu Pro ESM was necessary:
https://github.com/canonical/cloud-init/commit/857d03609e7d180c2b640a73bcdb8089b7be6093