
Bug#952563: marked as done (src:cloud-utils: ec2metadata does not speak EC2 IMDSv2)



Your message dated Thu, 28 May 2020 23:18:42 +0000
with message-id <E1jeRnO-0009lm-BE@fasolo.debian.org>
and subject line Bug#952563: fixed in cloud-utils 0.31-2
has caused the Debian Bug report #952563,
regarding src:cloud-utils: ec2metadata does not speak EC2 IMDSv2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
952563: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952563
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: src:cloud-utils
Version: 0.31-1
Severity: important

The ec2metadata command queries a well-known link-local endpoint
(169.254.169.254 in Amazon EC2) to obtain information about the instance
on which it runs.  Last year, AWS released "IMDSv2" in an effort to
protect customers against some potentially severe information leaks
related to accidentally proxying this local data to the network.  Details
at
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/

IMDSv2 makes use of a session-based protocol, requiring clients to first
retrieve a time-limited session token, and then to include that token with
subsequent requests.

Because the intended purpose of IMDSv2 is to provide an additional layer
of defense against network abuses, customers utilizing it may choose to
disable IMDSv1.  It's important that we facilitate this use case by
supporting IMDSv2 wherever possible.  We should work to add this support
in both bullseye and buster (and potentially stretch if feasible).

noah

--- End Message ---
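
The two-step exchange described in the report above, as an added example (not code from cloud-utils or from the reporter): the client first PUTs to the token path with a TTL header, then sends the returned token with each GET. `MockIMDS`, its token and the instance ID are constructed stand-ins so the exchange runs offline; the header names and token path are the ones AWS documents for IMDSv2.

```python
import http.server, threading, urllib.error, urllib.request
TOKEN_HDR = "X-aws-ec2-metadata-token"
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"
# Metadata requests must never go through an environment-configured proxy.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class MockIMDS(http.server.BaseHTTPRequestHandler):
    """Constructed local stand-in for 169.254.169.254 with IMDSv1 disabled."""
    token = "constructed-session-token"
    def _reply(self, code, body=""):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())
    def do_PUT(self):  # step 1: hand out a time-limited session token
        ok = self.path == "/latest/api/token" and self.headers.get(TTL_HDR)
        self._reply(200, self.token) if ok else self._reply(400)
    def do_GET(self):  # step 2: data only for requests carrying the token
        if self.headers.get(TOKEN_HDR) != self.token:
            return self._reply(401)  # tokenless IMDSv1-style request refused
        self._reply(200, "i-0123456789abcdef0")  # constructed instance id
    def log_message(self, *args): pass  # keep the demo quiet

def fetch_v1(base, path):
    try:
        with OPENER.open(base + path, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""

def fetch_v2(base, path, ttl=60):
    put = urllib.request.Request(base + "/latest/api/token", method="PUT",
                                 headers={TTL_HDR: str(ttl)})
    with OPENER.open(put, timeout=2) as resp:
        token = resp.read().decode()
    get = urllib.request.Request(base + path, headers={TOKEN_HDR: token})
    with OPENER.open(get, timeout=2) as resp:
        return resp.status, resp.read().decode()

def demo(path="/latest/meta-data/instance-id"):
    srv = http.server.HTTPServer(("127.0.0.1", 0), MockIMDS)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % srv.server_address[1]
    result = fetch_v1(base, path), fetch_v2(base, path)
    srv.shutdown()
    return result

if __name__ == "__main__":
    print(demo())
```

Against an endpoint with IMDSv1 disabled, the tokenless `fetch_v1` call is refused with 401 while `fetch_v2` succeeds, which is the failure a v1-only client such as the pre-fix `ec2metadata` would hit.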
--- Begin Message ---
Source: cloud-utils
Source-Version: 0.31-2
Done: Noah Meyerhans <noahm@debian.org>

We believe that the bug you reported is fixed in the latest version of
cloud-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 952563@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Noah Meyerhans <noahm@debian.org> (supplier of updated cloud-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 28 May 2020 15:11:57 -0700
Source: cloud-utils
Architecture: source
Version: 0.31-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cloud Team <debian-cloud@lists.debian.org>
Changed-By: Noah Meyerhans <noahm@debian.org>
Closes: 952563
Changes:
 cloud-utils (0.31-2) unstable; urgency=medium
 .
   * Add support for IMDSv2 in Amazon EC2. (Closes: #952563)
   * Bump debhelper-compat to version 12
   * Bump standards compliance to 4.5.0 (no changes needed)
   * Add noahm@debian.org to Uploaders

--- End Message ---