This update for ansible to version 2.9.6 fixes the following issues:
Security issues fixed:
CVE-2019-14904: Fixed a vulnerability in solaris_zone module via crafted solaris zone (boo#1157968).
CVE-2019-14905: Fixed an issue where malicious code could craft filename in nxosfilecopy module (boo#1157969).
CVE-2019-14864: Fixed Splunk and Sumologic callback plugins leak sensitive data in logs (boo#1154830).
CVE-2019-14846: Fixed secrets disclosure on logs due to display is hardcoded to DEBUG level (boo#1153452)
CVE-2019-14856: Fixed insufficient fix for CVE-2019-10206 (boo#1154232)
CVE-2019-14858: Fixed data in the sub parameter fields that will not be masked
and will be displayed when run with increased verbosity (boo#1154231)
CVE-2019-10206: ansible-playbook -k and ansible cli tools prompt passwords by
expanding them from templates as they could contain special characters.
Passwords should be wrapped to prevent templates trigger and exposing them. (boo#1142690)
CVE-2019-10217: Fields managing sensitive data should be set as such by nolog
feature. Some of these fields in GCP modules are not set properly.
serviceaccountcontents() which is common class for all gcp modules is not
setting nolog to True. Any sensitive data managed by that function would be
leak as an output when running ansible playbooks. (boo#1144453)