openSUSE-SU-2020:0523-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0523-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:0523-1
Published
2020-04-16T04:12:24Z
Modified
2020-04-16T04:12:24Z
Summary
Security update for ansible
Details

This update for ansible to version 2.9.6 fixes the following issues:

Security issues fixed:

  • CVE-2019-14904: Fixed a vulnerability in the solaris_zone module via a crafted Solaris zone (boo#1157968).
  • CVE-2019-14905: Fixed an issue where malicious code could craft the filename in the nxos_file_copy module (boo#1157969).
  • CVE-2019-14864: Fixed the Splunk and Sumologic callback plugins leaking sensitive data in logs (boo#1154830).
  • CVE-2019-14846: Fixed disclosure of secrets in logs caused by the display being hardcoded to DEBUG level (boo#1153452).
  • CVE-2019-14856: Fixed an insufficient fix for CVE-2019-10206 (boo#1154232).
  • CVE-2019-14858: Fixed data in sub-parameter fields not being masked and being displayed when run with increased verbosity (boo#1154231).
  • CVE-2019-10206: ansible-playbook -k and the ansible CLI tools prompt for passwords by expanding them from templates, as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them. (boo#1142690)
  • CVE-2019-10217: Fields managing sensitive data should be marked as such with the no_log feature. Some of these fields in the GCP modules are not set properly. service_account_contents(), which is common to all GCP modules, does not set no_log to True. Any sensitive data managed by that function would be leaked in the output when running Ansible playbooks. (boo#1144453)

This update was imported from the openSUSE:Leap:15.1:Update update project.

Affected packages

SUSE:Package Hub 15 SP1 / ansible

Package

Name
ansible
Purl
purl:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.9.6-bp151.3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "ansible": "2.9.6-bp151.3.6.1",
            "ansible-doc": "2.9.6-bp151.3.6.1",
            "ansible-test": "2.9.6-bp151.3.6.1"
        }
    ]
}