Synopsis: Moderate: cloud-init security, bug fix, and enhancement update Advisory ID: SLSA-2020:3898-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2018-10896 CVE-2020-8632 CVE-2020-8631 -- Security Fix(es): * cloud-init: Use of random.choice when generating random password (CVE-2020-8631) * cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632) * cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896) -- SL7 x86_64 cloud-init-19.4-7.el7.x86_64.rpm - Scientific Linux Development Team