Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

openSUSE: 2020:0523-1 Moderate: Ansible Issues Resolved

opensuse
Calendar Grey April 16, 2020
Dist Opensuse Esm H88
A recent update for openSUSE resolves 8 vulnerabilities in Ansible, bolstering security measures and safeguarding against potential data breaches. Discover the steps to carry out the update.

An update that solves 8 vulnerabilities and has two fixes is now available.

Description

This update for ansible to version 2.9.6 fixes the following issues:

Security issues fixed:

- CVE-2019-14904: Fixed a vulnerability in solaris_zone module via crafted

solaris zone (boo#1157968).

- CVE-2019-14905: Fixed an issue where malicious code could craft filename

in nxos_file_copy module (boo#1157969).

- CVE-2019-14864: Fixed Splunk and Sumologic callback plugins leak

sensitive data in logs (boo#1154830).

- CVE-2019-14846: Fixed secrets disclosure on logs due to display is

hardcoded to DEBUG level (boo#1153452)

- CVE-2019-14856: Fixed insufficient fix for CVE-2019-10206 (boo#1154232)

- CVE-2019-14858: Fixed data in the sub parameter fields that will not be

masked and will be displayed when run with increased verbosity

(boo#1154231)

- CVE-2019-10206: ansible-playbook -k and ansible cli tools prompt

passwords by expanding them from templates as they could contain special

characters. Passwords...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate update security fix data leak openSUSE ansible

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-523=1

Package List

- openSUSE Backports SLE-15-SP1 (noarch):

ansible-2.9.6-bp151.3.6.1

ansible-doc-2.9.6-bp151.3.6.1

ansible-test-2.9.6-bp151.3.6.1

References

https://www.suse.com/security/cve/CVE-2019-10206.html

https://www.suse.com/security/cve/CVE-2019-10217.html

https://www.suse.com/security/cve/CVE-2019-14846.html

https://www.suse.com/security/cve/CVE-2019-14856.html

https://www.suse.com/security/cve/CVE-2019-14858.html

https://www.suse.com/security/cve/CVE-2019-14864.html

https://www.suse.com/security/cve/CVE-2019-14904.html

https://www.suse.com/security/cve/CVE-2019-14905.html

https://bugzilla.suse.com/1137479

https://bugzilla.suse.com/1142542

https://bugzilla.suse.com/1142690

https://bugzilla.suse.com/1144453

https://bugzilla.suse.com/1153452

https://bugzilla.suse.com/1154231

https://bugzilla.suse.com/1154232

https://bugzilla.suse.com/1154830

https://bugzilla.suse.com/1157968

https://bugzilla.suse.com/1157969

--

Announcement ID: openSUSE-SU-2020:0523-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate update security fix data leak openSUSE ansible

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here