openSUSE-SU-2020:0513-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0513-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:0513-1
Published
2020-04-12T16:16:26Z
Modified
2020-04-12T16:16:26Z
Summary
Security update for ansible
Details

This update for ansible to version 2.9.6 fixes the following issues:

Security issues fixed:

  • CVE-2019-14904: Fixed a vulnerability in the solaris_zone module via a crafted Solaris zone (boo#1157968).
  • CVE-2019-14905: Fixed an issue where malicious code could craft a filename in the nxos_file_copy module (boo#1157969).
  • CVE-2019-14864: Fixed Splunk and Sumologic callback plugins leaking sensitive data in logs (boo#1154830).
  • CVE-2019-14846: Fixed secrets disclosure in logs due to display being hardcoded to DEBUG level (boo#1153452).
  • CVE-2019-14856: Fixed insufficient fix for CVE-2019-10206 (boo#1154232).
  • CVE-2019-14858: Fixed data in the sub parameter fields not being masked and being displayed when run with increased verbosity (boo#1154231).
  • CVE-2019-10206: ansible-playbook -k and the ansible CLI tools prompt for passwords and expand them from templates, as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them (boo#1142690).
  • CVE-2019-10217: Fields managing sensitive data should be marked as such with the no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents(), which is common to all GCP modules, does not set no_log to True. Any sensitive data managed by that function would be leaked as output when running Ansible playbooks (boo#1144453).
Affected packages

openSUSE:Leap 15.1 / ansible

Package

Name
ansible
Purl
purl:rpm/suse/ansible&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.9.6-lp151.2.7.1

Ecosystem specific

{
    "binaries": [
        {
            "ansible": "2.9.6-lp151.2.7.1",
            "ansible-doc": "2.9.6-lp151.2.7.1",
            "ansible-test": "2.9.6-lp151.2.7.1"
        }
    ]
}