MGASA-2014-0350
- Source
- https://advisories.mageia.org/MGASA-2014-0350.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0350.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2014-0350
- Related
- Published
- 2014-08-25T08:44:11Z
- Modified
- 2014-08-25T08:30:23Z
- Summary
- Updated ansible package fixes multiple security issues
- Details
-
Updated ansible package fixes security vulnerabilities:
The Ansible platform before version 1.6.7 suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control certain playbook variables (CVE-2014-4678, CVE-2014-4966, CVE-2014-4967).
The ansible package has been updated to version 1.6.8, which fixes these issues and several other bugs.
- References
-
- https://advisories.mageia.org/MGASA-2014-0350.html
- https://bugs.mageia.org/show_bug.cgi?id=13649
- http://openwall.com/lists/oss-security/2014/07/02/2
- http://www.ocert.org/advisories/ocert-2014-004.html
- https://github.com/ansible/ansible/blob/release1.6.10/CHANGELOG.md
- https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135284.html
- https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136395.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:4 / ansible
Package
- Name
- ansible
- Purl
- pkg:rpm/mageia/ansible?distro=mageia-4