Mageia 6: MGASA-2019-0023 Critical: Ansible Sensitive Data Exposure

mageia

January 8, 2019

It was found that when a retry task in ansible run with -vvv fails, it will log the raw return code, stdout and stderr from ssh which could have contained sensitive data (CVE-2018-...

Summary

It was found that when a retry task in ansible run with -vvv fails, it will log the raw return code, stdout and stderr from ssh which could have contained sensitive data (CVE-2018-16876).

References

- https://bugs.mageia.org/show_bug.cgi?id=24065

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZDHLHZ5V5K5AKBTGPLGFTPK3YNSOC4FY/

- https://www.cve.org/CVERecord?id=CVE-2018-16876

Topics Covered

security advisory critical threat sensitive data ansible Mageia

Resolution

SRPMS

- 6/core/ansible-2.4.6.0-1.2.mga6

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 08 Jan 2019

URL: https://advisories.mageia.org/MGASA-2019-0023.html

Type: security

CVE: CVE-2018-16876

Topics Covered

security advisory critical threat sensitive data ansible Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks