Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Ubuntu 19.04 LTS: Ansible Security Advisory USN-4072-1 Released

ubuntu
Calendar Grey July 24, 2019
Dist Ubuntu Esm H88
Ubuntu versions 19.04, 18.04 LTS, and 16.04 LTS have received security patches for Ansible vulnerabilities. Users should apply updates ASAP
Several security issues were fixed in Ansible.

Summary

Several security issues were fixed in Ansible.

Software Description:

- ansible: Configuration management, deployment, and task execution system

Details:

It was discovered that Ansible failed to properly handle sensitive information.

A local attacker could use those vulnerabilities to extract them.

(CVE-2017-7481)

(CVE-2018-10855)

(CVE-2018-16837)

(CVE-2018-16876)

(CVE-2019-10156)

It was discovered that Ansible could load configuration files from the current

working directory containing crafted commands. An attacker could run arbitrary

code as result.

(CVE-2018-10874)

(CVE-2018-10875)

It was discovered that Ansible fetch module had a path traversal vulnerability.

A local attacker could copy and overwrite files outside of the specified

destination.

(CVE-2019-3828)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  ansible                         2.7.8+dfsg-1ubuntu0.19.04.1

Ubuntu 18.04 LTS:
  ansible                         2.5.1+dfsg-1ubuntu0.1

Ubuntu 16.04 LTS:
  ansible                         2.0.0.2-2ubuntu1.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4072-1

CVE-2017-7481, CVE-2018-10855, CVE-2018-10874, CVE-2018-10875,

CVE-2018-16837, CVE-2018-16876, CVE-2019-10156, CVE-2019-3828

Severity
important
Lowest
Low
Medium
High
Critical

July 24, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.