Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

openSUSE: 2019:1130-1 Moderate: Ansible Security Exposure Patch

opensuse
Calendar Grey April 3, 2019
Dist Opensuse Esm H88
Ansible's latest release resolves various vulnerabilities, enhancing safety in openSUSE environments. Comprehensive installation guidelines are included.
An update that solves 5 vulnerabilities and has two fixes is now available.

Description

This update for ansible to version 2.7.8 fixes the following issues:

Security issues fixed:

- CVE-2018-16837: Fixed an information leak in user module (bsc#1112959).

- CVE-2018-16859: Fixed an issue which clould allow logging of password in

plaintext in Windows powerShell (bsc#1116587).

- CVE-2019-3828: Fixed a path traversal vulnerability in fetch module

(bsc#1126503).

- CVE-2018-10875: Fixed a potential code execution in ansible.cfg

(bsc#1099808).

- CVE-2018-16876: Fixed an issue which could allow information disclosure

in vvv+ mode with no_log on (bsc#1118896).

Other issues addressed:

- prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957)

Release notes:

.

7.rst#id1

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2019-1125=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

ansible-2.7.8-9.1

References

https://www.suse.com/security/cve/CVE-2018-10875.html

https://www.suse.com/security/cve/CVE-2018-16837.html

https://www.suse.com/security/cve/CVE-2018-16859.html

https://www.suse.com/security/cve/CVE-2018-16876.html

https://www.suse.com/security/cve/CVE-2019-3828.html

https://bugzilla.suse.com/1099808

https://bugzilla.suse.com/1102126

https://bugzilla.suse.com/1109957

https://bugzilla.suse.com/1112959

https://bugzilla.suse.com/1116587

https://bugzilla.suse.com/1118896

https://bugzilla.suse.com/1126503

--

Announcement ID: openSUSE-SU-2019:1125-1
Rating: moderate
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here