Register | Log in

google-compute-image-packages

Choose email to subscribe with

general

source: google-compute-image-packages (main)
version: 20190124-3
maintainer: Debian Cloud Team (archive) (DMD)
uploaders: Lucas Kanashiro [DMD]
arch: all any
std-ver: 4.3.0
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-bpo: 20181206-2~bpo9+1
oldstable: 20190124-3

versioned links

20181206-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20190124-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

google-compute-engine
google-compute-engine-oslogin
python3-google-compute-engine

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2020-8903: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry.
CVE-2020-8907: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry.
CVE-2020-8933: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry.

Created: 2021-02-19 Last update: 2022-02-03 20:02

lintian reports 5 warnings high

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2021-11-05 04:32

3 security issues in bullseye high

There are 3 open security issues in bullseye.

3 important issues:

CVE-2020-8903: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry.
CVE-2020-8907: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry.
CVE-2020-8933: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry.

Created: 2021-02-19 Last update: 2021-04-22 09:31

No known security issue in buster wishlist

There are 3 open security issues in buster.

3 ignored issues:

CVE-2020-8903: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry.
CVE-2020-8907: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry.
CVE-2020-8933: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry.

Created: 2021-02-19 Last update: 2022-02-03 23:30

news

[2022-02-03] Removed 20190916-1 from unstable (Debian FTP Masters)
[2021-04-26] google-compute-image-packages REMOVED from testing (Debian testing watch)
[2019-10-09] google-compute-image-packages 20190916-1 MIGRATED to testing (Debian testing watch)
[2019-10-03] Accepted google-compute-image-packages 20190916-1 (source) into unstable (Helen Koike) (signed by: Lucas Kanashiro)
[2019-03-25] google-compute-image-packages 20190124-3 MIGRATED to testing (Debian testing watch)
[2019-03-14] Accepted google-compute-image-packages 20190124-3 (source) into unstable (Lucas Kanashiro)
[2019-03-06] Accepted google-compute-image-packages 20190124-2 (source) into unstable (Lucas Kanashiro)
[2019-02-22] google-compute-image-packages 20190124-1 MIGRATED to testing (Debian testing watch)
[2019-02-12] Accepted google-compute-image-packages 20190124-1 (source) into unstable (Lucas Kanashiro)
[2019-02-08] Accepted google-compute-image-packages 20181206-4 (source) into unstable (Bastian Blank)
[2019-01-29] google-compute-image-packages 20181206-3 MIGRATED to testing (Debian testing watch)
[2019-01-24] Accepted google-compute-image-packages 20181206-3 (source) into unstable (Lucas Kanashiro)
[2019-01-16] Accepted google-compute-image-packages 20181206-2~bpo9+1 (source amd64 all) into stretch-backports (Lucas Kanashiro)
[2019-01-16] Accepted google-compute-image-packages 20181206-1~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Bastian Blank)
[2019-01-08] google-compute-image-packages 20181206-2 MIGRATED to testing (Debian testing watch)
[2019-01-03] Accepted google-compute-image-packages 20181206-2 (source amd64 all) into unstable (Lucas Kanashiro)
[2019-01-01] google-compute-image-packages 20181206-1 MIGRATED to testing (Debian testing watch)
[2018-12-27] google-compute-image-packages 20180905-2 MIGRATED to testing (Debian testing watch)
[2018-12-26] Accepted google-compute-image-packages 20181206-1 (source amd64 all) into unstable (Lucas Kanashiro)
[2018-12-22] Accepted google-compute-image-packages 20180905-2 (source amd64 all) into unstable, unstable (Lucas Kanashiro)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 5)
buildd: logs, clang, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing