openSUSE: 2019:1858-1: moderate: ansible

    Date 14 Aug 2019
    Posted By LinuxSecurity Advisories
    An update that fixes four vulnerabilities is now available.
       openSUSE Security Update: Security update for ansible
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1858-1
    Rating:             moderate
    References:         #1109957 #1112959 #1118896 #1126503 
    Cross-References:   CVE-2018-16837 CVE-2018-16859 CVE-2018-16876
                        CVE-2019-3828
    Affected Products:
                        openSUSE Backports SLE-15-SP1
    ______________________________________________________________________________
    
    Description:
    
       This update for ansible fixes the following issues:
    
       Ansible was updated to version 2.8.1:
    
       Full changelog is at /usr/share/doc/packages/ansible/changelogs/
    
       - Bugfixes
    
         - ACI - Do not encode query_string
         - ACI modules - Fix non-signature authentication
         - Add missing directory provided via ``--playbook-dir`` to adjacent
           collection loading
         - Fix "Interface not found" errors when using eos_l2_interface with
           nonexistent interfaces configured
         - Fix cannot get credential when `source_auth` set to `credential_file`.
         - Fix netconf_config backup string issue
         - Fix privilege escalation support for the docker connection plugin when
           credentials need to be supplied (e.g. sudo with password).
         - Fix vyos cli prompt inspection
         - Fixed loading namespaced documentation fragments from collections.
         - Fix a bug that came up after running the cnos_vrf module against
           Coverity.
         - Properly handle data importer failures on PVC creation, instead of
           timing out.
         - To fix the ios static route TC failure in CI
         - To fix the nios member module params
         - To fix the nios_zone module idempotency failure
         - add terminal initial prompt for initial connection
         - allow include_role to work with ansible command
         - allow python_requirements_facts to report on dependencies containing
           dashes
         - asa_config fix
         - azure_rm_roledefinition - fix a small error in build scope.
         - azure_rm_virtualnetworkpeering - fix cross subscriptions virtual
           network peering.
         - cgroup_perf_recap - When not using file_per_task, make sure we don't
           prematurely close the perf files
         - display underlying error when reporting an invalid ``tasks:`` block.
         - dnf - fix wildcard matching for state: absent
         - docker connection plugin - accept version ``dev`` as 'newest version'
           and print warning.
         - docker_container - ``oom_killer`` and ``oom_score_adj`` options are
           available since docker-py 1.8.0, not 2.0.0 as assumed by the version
           check.
         - docker_container - fix network creation when
           ``networks_cli_compatible`` is enabled.
         - docker_container - use docker API's ``restart`` instead of
           ``stop``/``start`` to restart a container.
         - docker_image - if ``build`` was not specified, the wrong default for
           ``build.rm`` is used.
         - docker_image - if ``nocache`` set to ``yes`` but not
           ``build.nocache``, the module failed.
         - docker_image - module failed when ``source: build`` was set but
           ``build.path`` options not specified.
         - docker_network module - fix idempotency when using ``aux_addresses``
           in ``ipam_config``.
         - ec2_instance - make Name tag idempotent
         - eos: don't fail modules without become set, instead show message and
           continue
         - eos_config: check for session support when asked to 'diff_against:
           session'
         - eos_eapi: fix idempotency issues when vrf was unspecified.
         - fix bugs for ce - more info see
         - fix incorrect uses of to_native that should be to_text instead.
         - hcloud_volume - Fix idempotency when attaching a server to a volume.
         - ibm_storage - Added a check for null fields in ibm_storage utils
           module.
         - include_tasks - whitelist ``listen`` as a valid keyword
         - k8s - resource updates applied with force work correctly now
         - keep results subset also when not no_log.
         - meraki_switchport - improve reliability with native VLAN functionality.
         - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and
           clearing functionality
         - netapp_e_volumes - fix workload profileId indexing when no previous
           workload tags exist on the storage array.
         - nxos_acl some platforms/versions raise when no ACLs are present
         - nxos_facts fix 
         - nxos_file_copy fix passwordless workflow
         - nxos_interface Fix admin_state check for n6k
         - nxos_snmp_traps fix group all for N35 platforms
         - nxos_snmp_user fix platform fixes for get_snmp_user
         - nxos_vlan mode idempotence bug
         - nxos_vlan vlan names containing regex ctl chars should be escaped
         - nxos_vtp_* modules fix n6k issues
         - openssl_certificate - fix private key passphrase handling for
           ``cryptography`` backend.
         - openssl_pkcs12 - fixes crash when private key has a passphrase and the
           module is run a second time.
         - os_stack - Apply tags conditionally so that the module does not throw
           up an error when using an older distro of openstacksdk
         - pass correct loading context to persistent connections other than local
         - pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux
         - postgresql - added initial SSL related tests
         - postgresql - added missing_required_libs, removed excess param mapping
         - postgresql - move connect_to_db and get_pg_version into
           module_utils/postgres.py
           (https://github.com/ansible/ansible/pull/55514)
         - postgresql_db - add note to the documentation about state dump and the
           incorrect rc (https://github.com/ansible/ansible/pull/57297)
         - postgresql_db - fix for postgresql_db fails if stderr contains output
         - postgresql_ping - fixed a typo in the module documentation
         - preserve actual ssh error when we cannot connect.
         - route53_facts - the module did not advertise check mode support,
           causing it not to be run in check mode.
         - sysctl: the module now also checks the output of STDERR to report if
           values are correctly set
           (https://github.com/ansible/ansible/pull/55695)
         - ufw - correctly check status when logging is off
         - uri - always return a value for status even during failure
         - urls - Handle redirects properly for IPv6 address by not splitting on
           ``:`` and rely on already parsed hostname and port values
         - vmware_vm_facts - fix the support with regular ESXi
         - vyos_interface fix 
         - we don't really need to template vars on definition as we do this on
           demand in templating.
         - win_acl - Fix qualifier parser when using UNC paths -
         - win_hostname - Fix non netbios compliant name handling
         - winrm - Fix issue when attempting to parse CLIXML on send input failure
         - xenserver_guest - fixed an issue where the VM would be powered off
           even though check mode is used if reconfiguration requires the VM to
           be powered off.
         - xenserver_guest - proper error message is shown when maximum number of
           network interfaces is reached and multiple network interfaces are
           added at once.
         - yum - Fix false error message about autoremove not being supported
         - yum - fix failure when using ``update_cache`` standalone
         - yum - handle special "_none_" value for proxy in yum.conf and .repo
           files
    
       Update to version 2.8.0
    
       Major changes:
    
         * Experimental support for Ansible Collections and content namespacing -
           Ansible content can now be packaged in a collection and addressed via
           namespaces. This allows for easier sharing, distribution, and
           installation of bundled modules/roles/plugins, and consistent rules
           for accessing specific content via namespaces.
         * Python interpreter discovery - The first time a Python module runs on
           a target, Ansible will attempt to discover the proper default Python
           interpreter to use for the target platform/version (instead of
           immediately defaulting to /usr/bin/python). You can override this
           behavior by setting ansible_python_interpreter or via config. (see
           https://github.com/ansible/ansible/pull/50163)
         * become - The deprecated CLI arguments for --sudo, --sudo-user,
           --ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed,
           in favor of the more generic --become, --become-user,
           --become-method, and --ask-become-pass.
         * become - become functionality has been migrated to a plugin
           architecture, to allow customization of become functionality and 3rd
           party become methods (https://github.com/ansible/ansible/pull/50991)
    
       - addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837
    
       For the full changelog see /usr/share/doc/packages/ansible/changelogs or
       online:
       https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
    
    
       This update was imported from the openSUSE:Leap:15.1:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Backports SLE-15-SP1:
    
          zypper in -t patch openSUSE-2019-1858=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15-SP1 (noarch):
    
          ansible-2.8.1-bp151.3.3.1
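To confirm that a host actually carries the fixed build after patching, the installed package can be compared against the version in the package list above. The script below is an added example, not part of the SUSE advisory; the function names and sample version strings are constructed, and GNU `sort -V` is used as an approximation of rpm's own version ordering.

```shell
#!/bin/sh
# Fixed build, taken from the advisory's package list.
FIXED_EVR="2.8.1-bp151.3.3.1"

# evr_at_least INSTALLED FIXED: succeeds if INSTALLED sorts at or above FIXED.
# Assumption: sort -V ordering matches rpm ordering for these version strings.
evr_at_least() {
    if [ "$1" = "$2" ]; then
        return 0
    fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify_ansible EVR: prints patched, needs-update, or not-installed.
classify_ansible() {
    case "$1" in
        ""|*"not installed"*)
            echo "not-installed" ;;
        *)
            if evr_at_least "$1" "$FIXED_EVR"; then
                echo "patched"
            else
                echo "needs-update"
            fi ;;
    esac
}

# check_host: query the local rpm database and classify the result.
# rpm prints "package ansible is not installed" when the package is absent.
check_host() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' ansible 2>/dev/null)
    classify_ansible "$installed"
}

# Constructed sample values (not from a real host) to show the classification.
for evr in "2.7.8-bp151.1.1" "2.8.1-bp151.3.3.1" \
           "package ansible is not installed"; do
    printf '%s -> %s\n' "$evr" "$(classify_ansible "$evr")"
done
```

On an openSUSE Backports SLE-15-SP1 host, call `check_host` after running the zypper command; a result of `needs-update` means the patch has not been applied.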
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-16837.html
       https://www.suse.com/security/cve/CVE-2018-16859.html
       https://www.suse.com/security/cve/CVE-2018-16876.html
       https://www.suse.com/security/cve/CVE-2019-3828.html
       https://bugzilla.suse.com/1109957
       https://bugzilla.suse.com/1112959
       https://bugzilla.suse.com/1118896
       https://bugzilla.suse.com/1126503
    
    -- 
    
