Alerts This Week
Warning Icon 1 929
Alerts This Week
Warning Icon 1 929

openSUSE Leap 15.1: 2020:0513-1 Moderate: Ansible Security Fixes

opensuse
Calendar Grey April 12, 2020
Dist Opensuse Esm H88
A new patch for Fedora resolves 10 vulnerabilities in puppet, improving protection measures and overall security for its community.
An update that solves 8 vulnerabilities and has two fixes is now available.

Description

This update for ansible to version 2.9.6 fixes the following issues:

Security issues fixed:

- CVE-2019-14904: Fixed a vulnerability in solaris_zone module via crafted

solaris zone (boo#1157968).

- CVE-2019-14905: Fixed an issue where malicious code could craft filename

in nxos_file_copy module (boo#1157969).

- CVE-2019-14864: Fixed Splunk and Sumologic callback plugins leak

sensitive data in logs (boo#1154830).

- CVE-2019-14846: Fixed secrets disclosure on logs due to display is

hardcoded to DEBUG level (boo#1153452)

- CVE-2019-14856: Fixed insufficient fix for CVE-2019-10206 (boo#1154232)

- CVE-2019-14858: Fixed data in the sub parameter fields that will not be

masked and will be displayed when run with increased verbosity

(boo#1154231)

- CVE-2019-10206: ansible-playbook -k and ansible cli tools prompt

passwords by expanding them from templates as they could contain special

characters. Passwords should be wrapped...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate threat issue patch openSUSE ansible

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-513=1

Package List

- openSUSE Leap 15.1 (noarch):

ansible-2.9.6-lp151.2.7.1

ansible-doc-2.9.6-lp151.2.7.1

ansible-test-2.9.6-lp151.2.7.1

References

https://www.suse.com/security/cve/CVE-2019-10206.html

https://www.suse.com/security/cve/CVE-2019-10217.html

https://www.suse.com/security/cve/CVE-2019-14846.html

https://www.suse.com/security/cve/CVE-2019-14856.html

https://www.suse.com/security/cve/CVE-2019-14858.html

https://www.suse.com/security/cve/CVE-2019-14864.html

https://www.suse.com/security/cve/CVE-2019-14904.html

https://www.suse.com/security/cve/CVE-2019-14905.html

https://bugzilla.suse.com/1137479

https://bugzilla.suse.com/1142542

https://bugzilla.suse.com/1142690

https://bugzilla.suse.com/1144453

https://bugzilla.suse.com/1153452

https://bugzilla.suse.com/1154231

https://bugzilla.suse.com/1154232

https://bugzilla.suse.com/1154830

https://bugzilla.suse.com/1157968

https://bugzilla.suse.com/1157969

--

Announcement ID: openSUSE-SU-2020:0513-1
Rating: moderate
Affected Products: openSUSE Leap 15.1 le.

Topics%20covered

Topics Covered

security advisory moderate threat issue patch openSUSE ansible

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here