PPA with proposed packages: https://launchpad.net/~lucaskanashiro/+archive/ubuntu/ha-stack-aws
** Description changed: + [Impact] + + This update is considered as a hardware enablement feature which will + allow AWS users to make use of the IMDSv2 support recently added to + resource-agents. This is an important security related feature recently + introduced by AWS. + + [Test Case] + + TBD + + [Where problems could occur] + + All the patches needed change only the AWS agents, so if a problem could + occur it would affect only them. + + [Original Description] + Last year, AWS released "IMDSv2" in an effort to protect customers against some potentially severe information leaks related to accidentally proxying this local data to the network. Details at https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/ IMDSv2 makes use of a session-based protocol, requiring clients to first retrieve a time-limited session token, and then to include that token with subsequent requests. Because the intended purpose of IMDSv2 is to provide an additional layer of defense against network abuses, customers utilizing it may choose to disable IMDSv1. Disabling IMDSv2 today causes fence_aws to fail. ** Summary changed: - Backport AWS agent with IMDSv2 support + [SRU] Backport AWS agent with IMDSv2 support -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915203 Title: [SRU] Backport AWS agent with IMDSv2 support To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/resource-agents/+bug/1915203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs