Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

Ubuntu 20.04-14.04: USN-7330-1 critical: Ansible security issues

ubuntu
Calendar Grey March 6, 2025
Dist Ubuntu Esm H88
A critical security alert from Ansible uncovers several threats necessitating prompt upgrades to protect Ubuntu installations.
Several security issues were fixed in Ansible.

Summary

Several security issues were fixed in Ansible.

Software Description:

- ansible: Configuration management, deployment, and task execution system

Details:

It was discovered that Ansible did not properly verify certain fields of

X.509 certificates. An attacker could possibly use this issue to spoof

SSL servers if they were able to intercept network communications. This

issue only affected Ubuntu 14.04 LTS. (CVE-2015-3908)

Martin Carpenter discovered that certain connection plugins for Ansible

did not properly restrict users. An attacker with local access could

possibly use this issue to escape a restricted environment via symbolic

links misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240)

Robin Schneider discovered that Ansible's apt_key module did not properly

verify key fingerprints. A remote attacker could possibly use this issue

to perform key injection, leading to the access of sensitive information.

This issue only affected Ubuntu 14.04 LT...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
   ansible                         2.9.6+dfsg-1ubuntu0.1~esm3
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   ansible                         2.5.1+dfsg-1ubuntu0.1+esm5
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   ansible                         2.0.0.2-2ubuntu1.3+esm5
                                   Available with Ubuntu Pro
   ansible-fireball                2.0.0.2-2ubuntu1.3+esm5
                                   Available with Ubuntu Pro
   ansible-node-fireball           2.0.0.2-2ubuntu1.3+esm5
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS
   ansible                         1.5.4+dfsg-1ubuntu0.1~esm3
                                   Available with Ubuntu Pro
   ansible-fireball                1.5.4+dfsg-1ubuntu0.1~esm3
                                   Available with Ubuntu Pro
   ansible-node-fireball           1.5.4+dfsg-1ubuntu0.1~esm3
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7330-1

  CVE-2015-3908, CVE-2015-6240, CVE-2016-8614, CVE-2019-10206,

  CVE-2019-14846, CVE-2019-14904, CVE-2020-10729, CVE-2020-1739

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7330-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here