
Mageia: 2019-0234 Moderate: Ansible Information Leak via Substitution

August 31, 2019
Updated Ansible packages in Mageia fix an information disclosure vulnerability affecting versions before 2.7.12.

Summary

Updated ansible package fixes security vulnerability:
A flaw was discovered in the way Ansible templating was implemented before version 2.7.12, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution, the content of any variable may be disclosed (CVE-2019-10156).
Also, python-jmespath was added as a new dependency in Mageia 6.

References

- https://bugs.mageia.org/show_bug.cgi?id=25285

- https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst

- https://ubuntu.com/security/notices/USN-4072-1

- https://www.cve.org/CVERecord?id=CVE-2019-10156

Resolution

SRPMS

- 7/core/ansible-2.7.12-1.mga7

- 6/core/ansible-2.7.12-1.mga6

- 6/core/python-jmespath-0.9.4-1.2.mga6

Publication date: 31 Aug 2019
URL: https://advisories.mageia.org/MGASA-2019-0234.html
Type: security
CVE: CVE-2019-10156
