{"affected":[{"ecosystem_specific":{"binaries":[{"cloud-init":"25.1.3-1.1","cloud-init-config-suse":"25.1.3-1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"cloud-init","purl":"pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"25.1.3-1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cloud-init fixes the following issues:\n\nUpdate to version 25.1.3:\n\n- CVE-2024-6174: Unpriveleged user could trigger hotplug-hook commands (bsc#1245403).\n\nNone security fixes:\n\n- Rebase cloud-init to 24.4 or higher (bsc#1239715, jsc#PED-8680).\n- Fixed cloud-init --debug status (bsc#1228414).\n- Using ssh_pwauth: True in cloud-init breaks ssh for root (bsc#1237764).\n- Fixed FileNotFoundError (bsc#1236720).\n- Fixed python 3.13 support (bsc#1233649).\n","id":"SUSE-SU-2025:20656-1","modified":"2025-09-05T12:57:05Z","published":"2025-09-05T12:57:05Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520656-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228414"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233649"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236720"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237764"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239715"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245403"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-1786"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11584"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6174"}],"related":["CVE-2023-1786","CVE-2024-11584","CVE-2024-6174"],"summary":"Security update for cloud-init","upstream":["CVE-2023-1786","CVE-2024-11584","CVE-2024-6174"]}