
Security vulnerabilities in the ansible software package

==========================================================================
Ubuntu Security Notice USN-4072-1
July 24, 2019

ansible vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Ansible.

Software Description:
– ansible: Configuration management, deployment, and task execution system

Details:

It was discovered that Ansible failed to properly handle sensitive information.
A local attacker could use these vulnerabilities to extract that information.
(CVE-2017-7481)
(CVE-2018-10855)
(CVE-2018-16837)
(CVE-2018-16876)
(CVE-2019-10156)

It was discovered that Ansible could load configuration files from the current
working directory containing crafted commands. An attacker could run arbitrary
code as a result.
(CVE-2018-10874)
(CVE-2018-10875)

It was discovered that the Ansible fetch module had a path traversal vulnerability.
A local attacker could copy and overwrite files outside of the specified
destination.
(CVE-2019-3828)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
ansible 2.7.8+dfsg-1ubuntu0.19.04.1

Ubuntu 18.04 LTS:
ansible 2.5.1+dfsg-1ubuntu0.1

Ubuntu 16.04 LTS:
ansible 2.0.0.2-2ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4072-1
CVE-2017-7481, CVE-2018-10855, CVE-2018-10874, CVE-2018-10875,
CVE-2018-16837, CVE-2018-16876, CVE-2019-10156, CVE-2019-3828

Package Information:
https://launchpad.net/ubuntu/+source/ansible/2.7.8+dfsg-1ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/ansible/2.5.1+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ansible/2.0.0.2-2ubuntu1.3