openSUSE: 2019:1858-1: moderate: ansible

    Date: 14 Aug 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that fixes four vulnerabilities is now available.
       openSUSE Security Update: Security update for ansible
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1858-1
    Rating:             moderate
    References:         #1109957 #1112959 #1118896 #1126503 
    Cross-References:   CVE-2018-16837 CVE-2018-16859 CVE-2018-16876
                        CVE-2019-3828
    Affected Products:
                        openSUSE Backports SLE-15-SP1
    ______________________________________________________________________________
    
       An update that fixes four vulnerabilities is now available.
    
    Description:
    
       This update for ansible fixes the following issues:
    
       Ansible was updated to version 2.8.1:
    
       Full changelog is at /usr/share/doc/packages/ansible/changelogs/
    
       - Bugfixes
    
         - ACI - Do not encode query_string
         - ACI modules - Fix non-signature authentication
         - Add missing directory provided via ``--playbook-dir`` to adjacent
           collection loading
         - Fix "Interface not found" errors when using eos_l2_interface with
           nonexistent interfaces configured
         - Fix cannot get credential when `source_auth` set to `credential_file`.
         - Fix netconf_config backup string issue
         - Fix privilege escalation support for the docker connection plugin when
           credentials need to be supplied (e.g. sudo with password).
         - Fix vyos cli prompt inspection
         - Fixed loading namespaced documentation fragments from collections.
         - Fix bug that came up after running cnos_vrf module against Coverity.
         - Properly handle data importer failures on PVC creation, instead of
           timing out.
         - To fix the ios static route TC failure in CI
         - To fix the nios member module params
         - To fix the nios_zone module idempotency failure
         - add terminal initial prompt for initial connection
         - allow include_role to work with ansible command
         - allow python_requirements_facts to report on dependencies containing
           dashes
         - asa_config fix
         - azure_rm_roledefinition - fix a small error in build scope.
         - azure_rm_virtualnetworkpeering - fix cross subscriptions virtual
           network peering.
         - cgroup_perf_recap - When not using file_per_task, make sure we don't
           prematurely close the perf files
         - display underlying error when reporting an invalid ``tasks:`` block.
         - dnf - fix wildcard matching for state: absent
         - docker connection plugin - accept version ``dev`` as 'newest version'
           and print warning.
         - docker_container - ``oom_killer`` and ``oom_score_adj`` options are
           available since docker-py 1.8.0, not 2.0.0 as assumed by the version
           check.
         - docker_container - fix network creation when
           ``networks_cli_compatible`` is enabled.
         - docker_container - use docker API's ``restart`` instead of
           ``stop``/``start`` to restart a container.
         - docker_image - if ``build`` was not specified, the wrong default for
           ``build.rm`` is used.
         - docker_image - if ``nocache`` set to ``yes`` but not
           ``build.nocache``, the module failed.
         - docker_image - module failed when ``source: build`` was set but
           ``build.path`` options not specified.
         - docker_network module - fix idempotency when using ``aux_addresses``
           in ``ipam_config``.
         - ec2_instance - make Name tag idempotent
         - eos: don't fail modules without become set, instead show message and
           continue
         - eos_config: check for session support when asked to 'diff_against:
           session'
         - eos_eapi: fix idempotency issues when vrf was unspecified.
         - fix bugs for ce - more info see
         - fix incorrect uses of to_native that should be to_text instead.
         - hcloud_volume - Fix idempotency when attaching a server to a volume.
         - ibm_storage - Added a check for null fields in ibm_storage utils
           module.
         - include_tasks - whitelist ``listen`` as a valid keyword
         - k8s - resource updates applied with force work correctly now
         - keep results subset also when not no_log.
         - meraki_switchport - improve reliability with native VLAN functionality.
         - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and
           clearing functionality
         - netapp_e_volumes - fix workload profileId indexing when no previous
           workload tags exist on the storage array.
         - nxos_acl some platforms/versions raise when no ACLs are present
         - nxos_facts fix 
         - nxos_file_copy fix passwordless workflow
         - nxos_interface Fix admin_state check for n6k
         - nxos_snmp_traps fix group all for N35 platforms
         - nxos_snmp_user fix platform fixes for get_snmp_user
         - nxos_vlan mode idempotence bug
         - nxos_vlan vlan names containing regex ctl chars should be escaped
         - nxos_vtp_* modules fix n6k issues
         - openssl_certificate - fix private key passphrase handling for
           ``cryptography`` backend.
         - openssl_pkcs12 - fixes crash when private key has a passphrase and the
           module is run a second time.
         - os_stack - Apply tags conditionally so that the module does not throw
           up an error when using an older distro of openstacksdk
         - pass correct loading context to persistent connections other than local
         - pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux
         - postgresql - added initial SSL related tests
         - postgresql - added missing_required_libs, removed excess param mapping
         - postgresql - move connect_to_db and get_pg_version into
           module_utils/postgres.py
           (https://github.com/ansible/ansible/pull/55514)
         - postgresql_db - add note to the documentation about state dump and the
           incorrect rc (https://github.com/ansible/ansible/pull/57297)
         - postgresql_db - fix for postgresql_db fails if stderr contains output
         - postgresql_ping - fixed a typo in the module documentation
         - preserve actual ssh error when we cannot connect.
         - route53_facts - the module did not advertise check mode support,
           causing it not to be run in check mode.
         - sysctl: the module now also checks the output of STDERR to report if
           values are correctly set
           (https://github.com/ansible/ansible/pull/55695)
         - ufw - correctly check status when logging is off
         - uri - always return a value for status even during failure
         - urls - Handle redirects properly for IPv6 address by not splitting on
           ``:`` and rely on already parsed hostname and port values
         - vmware_vm_facts - fix the support with regular ESXi
         - vyos_interface fix 
         - we don't really need to template vars on definition as we do this on
           demand in templating.
         - win_acl - Fix qualifier parser when using UNC paths -
         - win_hostname - Fix non netbios compliant name handling
         - winrm - Fix issue when attempting to parse CLIXML on send input failure
         - xenserver_guest - fixed an issue where VM would be powered off even
           though check mode is used if reconfiguration requires VM to be powered
           off.
         - xenserver_guest - proper error message is shown when maximum number of
           network interfaces is reached and multiple network interfaces are
           added at once.
         - yum - Fix false error message about autoremove not being supported
         - yum - fix failure when using ``update_cache`` standalone
         - yum - handle special "_none_" value for proxy in yum.conf and .repo
           files
    
       Update to version 2.8.0
    
       Major changes:
    
         * Experimental support for Ansible Collections and content namespacing -
           Ansible content can now be packaged in a collection and addressed via
           namespaces. This allows for easier sharing, distribution, and
           installation of bundled modules/roles/plugins, and consistent rules
           for accessing specific content via namespaces.
         * Python interpreter discovery - The first time a Python module runs on
           a target, Ansible will attempt to discover the proper default Python
           interpreter to use for the target platform/version (instead of
           immediately defaulting to /usr/bin/python). You can override this
           behavior by setting ansible_python_interpreter or via config. (see
           https://github.com/ansible/ansible/pull/50163)
         * become - The deprecated CLI arguments for --sudo, --sudo-user,
           --ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed,
           in favor of the more generic --become, --become-user,
           --become-method, and --ask-become-pass.
         * become - become functionality has been migrated to a plugin
           architecture, to allow customization of become functionality and 3rd
           party become methods (https://github.com/ansible/ansible/pull/50991)
    
       - addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837
    
       For the full changelog see /usr/share/doc/packages/ansible/changelogs or
       online:
       https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
    
    
       This update was imported from the openSUSE:Leap:15.1:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Backports SLE-15-SP1:
    
          zypper in -t patch openSUSE-2019-1858=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15-SP1 (noarch):
    
          ansible-2.8.1-bp151.3.3.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-16837.html
       https://www.suse.com/security/cve/CVE-2018-16859.html
       https://www.suse.com/security/cve/CVE-2018-16876.html
       https://www.suse.com/security/cve/CVE-2019-3828.html
       https://bugzilla.suse.com/1109957
       https://bugzilla.suse.com/1112959
       https://bugzilla.suse.com/1118896
       https://bugzilla.suse.com/1126503
    