openSUSE-SU-2019:1635-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1635-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1635-1
Related
Published
2019-06-27T05:50:47Z
Modified
2019-06-27T05:50:47Z
Summary
Security update for ansible
Details

This update for ansible fixes the following issues:

Ansible was updated to version 2.8.1:

Full changelog is at /usr/share/doc/packages/ansible/changelogs/

  • Bugfixes

    • ACI - DO not encode query_string
    • ACI modules - Fix non-signature authentication
    • Add missing directory provided via --playbook-dir to adjacent collection loading
    • Fix 'Interface not found' errors when using eosl2interface with nonexistant interfaces configured
    • Fix cannot get credential when source_auth set to credential_file.
    • Fix netconf_config backup string issue
    • Fix privilege escalation support for the docker connection plugin when credentials need to be supplied (e.g. sudo with password).
    • Fix vyos cli prompt inspection
    • Fixed loading namespaced documentation fragments from collections.
    • Fixing bug came up after running cnos_vrf module against coverity.
    • Properly handle data importer failures on PVC creation, instead of timing out.
    • To fix the ios static route TC failure in CI
    • To fix the nios member module params
    • To fix the nios_zone module idempotency failure
    • add terminal initial prompt for initial connection
    • allow include_role to work with ansible command
    • allow pythonrequirementsfacts to report on dependencies containing dashes
    • asa_config fix
    • azurermroledefinition - fix a small error in build scope.
    • azurermvirtualnetworkpeering - fix cross subscriptions virtual network peering.
    • cgroupperfrecap - When not using filepertask, make sure we don't prematurely close the perf files
    • display underlying error when reporting an invalid tasks: block.
    • dnf - fix wildcard matching for state: absent
    • docker connection plugin - accept version dev as 'newest version' and print warning.
    • docker_container - oom_killer and oom_score_adj options are available since docker-py 1.8.0, not 2.0.0 as assumed by the version check.
    • docker_container - fix network creation when networks_cli_compatible is enabled.
    • docker_container - use docker API's restart instead of stop/start to restart a container.
    • docker_image - if build was not specified, the wrong default for build.rm is used.
    • docker_image - if nocache set to yes but not build.nocache, the module failed.
    • docker_image - module failed when source: build was set but build.path options not specified.
    • docker_network module - fix idempotency when using aux_addresses in ipam_config.
    • ec2_instance - make Name tag idempotent
    • eos: don't fail modules without become set, instead show message and continue
    • eosconfig: check for session support when asked to 'diffagainst: session'
    • eos_eapi: fix idempotency issues when vrf was unspecified.
    • fix bugs for ce - more info see
    • fix incorrect uses of tonative that should be totext instead.
    • hcloud_volume - Fix idempotency when attaching a server to a volume.
    • ibmstorage - Added a check for null fields in ibmstorage utils module.
    • include_tasks - whitelist listen as a valid keyword
    • k8s - resource updates applied with force work correctly now
    • keep results subset also when not no_log.
    • meraki_switchport - improve reliability with native VLAN functionality.
    • netappeiscsitarget - fix netappeiscsitarget chap secret size and clearing functionality
    • netappevolumes - fix workload profileId indexing when no previous workload tags exist on the storage array.
    • nxos_acl some platforms/versions raise when no ACLs are present
    • nxos_facts fix https://github.com/ansible/ansible/pull/57009
    • nxosfilecopy fix passwordless workflow
    • nxosinterface Fix adminstate check for n6k
    • nxossnmptraps fix group all for N35 platforms
    • nxossnmpuser fix platform fixes for getsnmpuser
    • nxos_vlan mode idempotence bug
    • nxos_vlan vlan names containing regex ctl chars should be escaped
    • nxosvtp* modules fix n6k issues
    • openssl_certificate - fix private key passphrase handling for cryptography backend.
    • openssl_pkcs12 - fixes crash when private key has a passphrase and the module is run a second time.
    • os_stack - Apply tags conditionally so that the module does not throw up an error when using an older distro of openstacksdk
    • pass correct loading context to persistent connections other than local
    • pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux
    • postgresql - added initial SSL related tests
    • postgresql - added missingrequiredlibs, removed excess param mapping
    • postgresql - move connecttodb and getpgversion into module_utils/postgres.py (https://github.com/ansible/ansible/pull/55514)
    • postgresql_db - add note to the documentation about state dump and the incorrect rc (https://github.com/ansible/ansible/pull/57297)
    • postgresqldb - fix for postgresqldb fails if stderr contains output
    • postgresql_ping - fixed a typo in the module documentation
    • preserve actual ssh error when we cannot connect.
    • route53_facts - the module did not advertise check mode support, causing it not to be run in check mode.
    • sysctl: the module now also checks the output of STDERR to report if values are correctly set (https://github.com/ansible/ansible/pull/55695)
    • ufw - correctly check status when logging is off
    • uri - always return a value for status even during failure
    • urls - Handle redirects properly for IPv6 address by not splitting on : and rely on already parsed hostname and port values
    • vmwarevmfacts - fix the support with regular ESXi
    • vyos_interface fix https://github.com/ansible/ansible/pull/57169
    • we don't really need to template vars on definition as we do this on demand in templating.
    • win_acl - Fix qualifier parser when using UNC paths -
    • win_hostname - Fix non netbios compliant name handling
    • winrm - Fix issue when attempting to parse CLIXML on send input failure
    • xenserver_guest - fixed an issue where VM whould be powered off even though check mode is used if reconfiguration requires VM to be powered off.
    • xenserver_guest - proper error message is shown when maximum number of network interfaces is reached and multiple network interfaces are added at once.
    • yum - Fix false error message about autoremove not being supported
    • yum - fix failure when using update_cache standalone
    • yum - handle special 'none' value for proxy in yum.conf and .repo files

Update to version 2.8.0

Major changes:

  • Experimental support for Ansible Collections and content namespacing - Ansible content can now be packaged in a collection and addressed via namespaces. This allows for easier sharing, distribution, and installation of bundled modules/roles/plugins, and consistent rules for accessing specific content via namespaces.
  • Python interpreter discovery - The first time a Python module runs on a target, Ansible will attempt to discover the proper default Python interpreter to use for the target platform/version (instead of immediately defaulting to /usr/bin/python). You can override this behavior by setting ansiblepythoninterpreter or via config. (see https://github.com/ansible/ansible/pull/50163)
  • become - The deprecated CLI arguments for --sudo, --sudo-user, --ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed, in favor of the more generic --become, --become-user, --become-method, and --ask-become-pass.
  • become - become functionality has been migrated to a plugin architecture, to allow customization of become functionality and 3rd party become methods (https://github.com/ansible/ansible/pull/50991)

    • addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837

For the full changelog see /usr/share/doc/packages/ansible/changelogs or online: https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst

References

Affected packages

SUSE:Package Hub 12 / ansible

Package

Name
ansible
Purl
purl:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-bp150.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ansible": "2.8.1-bp150.3.9.1"
        }
    ]
}

SUSE:Package Hub 15 / ansible

Package

Name
ansible
Purl
purl:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-bp150.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ansible": "2.8.1-bp150.3.9.1"
        }
    ]
}

openSUSE:Leap 15.0 / ansible

Package

Name
ansible
Purl
purl:rpm/suse/ansible&distro=openSUSE%20Leap%2015.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-bp150.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ansible": "2.8.1-bp150.3.9.1"
        }
    ]
}

openSUSE:Leap 15.1 / ansible

Package

Name
ansible
Purl
purl:rpm/suse/ansible&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-bp150.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ansible": "2.8.1-bp150.3.9.1"
        }
    ]
}