Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Ubuntu: 6846-1 Critical: Ansible Input Handling Security Advisory

ubuntu
Calendar Grey June 25, 2024
Scroller Ubuntu
Key vulnerabilities have been patched in Ansible that impact various Ubuntu LTS versions. Ensure to update your systems immediately!
Several security issues were fixed in Ansible.

Summary

Several security issues were fixed in Ansible.

Software Description:

- ansible: Configuration management, deployment, and task execution system

Details:

It was discovered that Ansible incorrectly handled certain inputs when using

tower_callback parameter. If a user or an automated system were tricked into

opening a specially crafted input file, a remote attacker could possibly use

this issue to obtain sensitive information. This issue only affected Ubuntu

18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3697)

It was discovered that Ansible incorrectly handled certain inputs. If a user or

an automated system were tricked into opening a specially crafted input file, a

remote attacker could possibly use this issue to perform a Template Injection.

(CVE-2023-5764)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   ansible                         2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm4
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   ansible                         2.9.6+dfsg-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   ansible                         2.5.1+dfsg-1ubuntu0.1+esm2
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   ansible                         2.0.0.2-2ubuntu1.3+esm2
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6846-1

CVE-2022-3697, CVE-2023-5764

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6846-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.