Debian: DSA-4396-1: ansible security update
Debian: DSA-4396-1: ansible security update
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4396-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff February 19, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ansible CVE ID : CVE-2018-10855 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876 CVE-2019-3828 Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working directory. CVE-2018-16837 The user module leaked parameters passed to ssh-keygen to the process environment. CVE-2019-3828 The fetch module was susceptible to path traversal. For the stable distribution (stretch), these problems have been fixed in version 2.2.1.0-2+deb9u1. We recommend that you upgrade your ansible packages. For the detailed security status of ansible please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ansible Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.