Public bug reported:
Last year, AWS released "IMDSv2" in an effort to protect customers against some
potentially severe information leaks related to accidentally proxying this
local data to the network. Details
at
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
IMDSv2 makes use of a session-based protocol, requiring clients to first
retrieve a time-limited session token, and then to include that token
with subsequent requests.
Because the intended purpose of IMDSv2 is to provide an additional layer
of defense against network abuses, customers utilizing it may choose to
disable IMDSv1. Disabling IMDSv2 today causes fence_aws to fail.
** Affects: fence-agents (Ubuntu)
Importance: Undecided
Status: Fix Committed
** Affects: fence-agents (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: fence-agents (Ubuntu Focal)
Importance: Undecided
Status: New
** Affects: fence-agents (Ubuntu Groovy)
Importance: Undecided
Status: New
** Also affects: fence-agents (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: fence-agents (Ubuntu Groovy)
Importance: Undecided
Status: New
** Also affects: fence-agents (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: fence-agents (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915190
Title:
Backport the fence_aws support for IMDSv2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fence-agents/+bug/1915190/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
