You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ansible

Sigurnosni nedostaci programskog paketa ansible

by - 0

openSUSE Security Update: Security update for ansible
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1125-1
Rating: moderate
References: #1099808 #1102126 #1109957 #1112959 #1116587
#1118896 #1126503
Cross-References: CVE-2018-10875 CVE-2018-16837 CVE-2018-16859
CVE-2018-16876 CVE-2019-3828
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that solves 5 vulnerabilities and has two fixes
is now available.

Description:

This update for ansible to version 2.7.8 fixes the following issues:

Security issues fixed:

– CVE-2018-16837: Fixed an information leak in user module (bsc#1112959).
– CVE-2018-16859: Fixed an issue which clould allow logging of password in
plaintext in Windows powerShell (bsc#1116587).
– CVE-2019-3828: Fixed a path traversal vulnerability in fetch module
(bsc#1126503).
– CVE-2018-10875: Fixed a potential code execution in ansible.cfg
(bsc#1099808).
– CVE-2018-16876: Fixed an issue which could allow information disclosure
in vvv+ mode with no_log on (bsc#1118896).

Other issues addressed:

– prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957)

Release notes:
https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.
7.rst#id1

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2019-1125=1

Package List:

– SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

ansible-2.7.8-9.1

References:

https://www.suse.com/security/cve/CVE-2018-10875.html
https://www.suse.com/security/cve/CVE-2018-16837.html
https://www.suse.com/security/cve/CVE-2018-16859.html
https://www.suse.com/security/cve/CVE-2018-16876.html
https://www.suse.com/security/cve/CVE-2019-3828.html
https://bugzilla.suse.com/1099808
https://bugzilla.suse.com/1102126
https://bugzilla.suse.com/1109957
https://bugzilla.suse.com/1112959
https://bugzilla.suse.com/1116587
https://bugzilla.suse.com/1118896
https://bugzilla.suse.com/1126503


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog koda...

Close