openSUSE-SU-2019:1125-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1125-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1125-1
- Related
- Published
- 2019-04-03T01:50:46Z
- Modified
- 2019-04-03T01:50:46Z
- Summary
- Security update for ansible
- Details
-
This update for ansible to version 2.7.8 fixes the following issues:
Security issues fixed:
- CVE-2018-16837: Fixed an information leak in user module (bsc#1112959).
- CVE-2018-16859: Fixed an issue which clould allow logging of password in plaintext in Windows powerShell (bsc#1116587).
- CVE-2019-3828: Fixed a path traversal vulnerability in fetch module (bsc#1126503).
- CVE-2018-10875: Fixed a potential code execution in ansible.cfg (bsc#1099808).
- CVE-2018-16876: Fixed an issue which could allow information disclosure in vvv+ mode with no_log on (bsc#1118896).
Other issues addressed:
- prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957)
Release notes: https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#id1
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P7ES2KO7RTXEO4IZY7YGCEBV3XZND5MW/#P7ES2KO7RTXEO4IZY7YGCEBV3XZND5MW
- https://bugzilla.suse.com/1099808
- https://bugzilla.suse.com/1102126
- https://bugzilla.suse.com/1109957
- https://bugzilla.suse.com/1112959
- https://bugzilla.suse.com/1116587
- https://bugzilla.suse.com/1118896
- https://bugzilla.suse.com/1126503
- https://www.suse.com/security/cve/CVE-2018-10875
- https://www.suse.com/security/cve/CVE-2018-16837
- https://www.suse.com/security/cve/CVE-2018-16859
- https://www.suse.com/security/cve/CVE-2018-16876
- https://www.suse.com/security/cve/CVE-2019-3828
Affected packages
SUSE:Package Hub 12 / ansible
Package
- Name
- ansible
- Purl
- purl:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2012
SUSE:Package Hub 15 / ansible
Package
- Name
- ansible
- Purl
- purl:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2015