openSUSE-SU-2019:1125-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1125-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1125-1
Related
Published
2019-04-03T01:50:46Z
Modified
2019-04-03T01:50:46Z
Summary
Security update for ansible
Details

This update for ansible to version 2.7.8 fixes the following issues:

Security issues fixed:

  • CVE-2018-16837: Fixed an information leak in user module (bsc#1112959).
  • CVE-2018-16859: Fixed an issue which clould allow logging of password in plaintext in Windows powerShell (bsc#1116587).
  • CVE-2019-3828: Fixed a path traversal vulnerability in fetch module (bsc#1126503).
  • CVE-2018-10875: Fixed a potential code execution in ansible.cfg (bsc#1099808).
  • CVE-2018-16876: Fixed an issue which could allow information disclosure in vvv+ mode with no_log on (bsc#1118896).

Other issues addressed:

  • prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957)

Release notes: https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#id1

References

Affected packages

SUSE:Package Hub 12 / ansible

Package

Name
ansible
Purl
purl:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.8-bp150.3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "ansible": "2.7.8-bp150.3.6.1"
        }
    ]
}

SUSE:Package Hub 15 / ansible

Package

Name
ansible
Purl
purl:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.8-bp150.3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "ansible": "2.7.8-bp150.3.6.1"
        }
    ]
}

openSUSE:Leap 15.0 / ansible

Package

Name
ansible
Purl
purl:rpm/suse/ansible&distro=openSUSE%20Leap%2015.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.8-bp150.3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "ansible": "2.7.8-bp150.3.6.1"
        }
    ]
}