Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Ubuntu 20.04-14.04: USN-7330-1 critical: Ansible security issues

ubuntu
Calendar Grey March 6, 2025
Dist Ubuntu Esm H88
A critical security alert from Ansible uncovers several threats necessitating prompt upgrades to protect Ubuntu installations.
Several security issues were fixed in Ansible.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Ansible. Software Description: - ansible: Configuration management, deployment, and task execution system Details: It was discovered that Ansible did not properly verify certain fields of X.509 certificates. An attacker could possibly use this issue to spoof SSL servers if they were able to intercept network communications. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3908) Martin Carpenter discovered that certain connection plugins for Ansible did not properly restrict users. An attacker with local access could possibly use this issue to escape a restricted environment via symbolic links misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240) Robin Schneider discovered that Ansible's apt_key module did not properly verify key fingerprin...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory software update access control Ubuntu configuration management ansible task execution

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS   ansible                         2.9.6+dfsg-1ubuntu0.1~esm3                                   Available with Ubuntu Pro Ubuntu 18.04 LTS   ansible                         2.5.1+dfsg-1ubuntu0.1+esm5                                   Available with Ubuntu Pro Ubuntu 16.04 LTS   ansible                         2.0.0.2-2ubuntu1.3+esm5                                   Available with Ubuntu Pro   ansible-fireball                2.0.0.2-2ubuntu1.3+esm5                                   Available with Ubuntu Pro   ansible-node-fireball           2.0.0.2-2ubuntu1.3+esm5                                   Available with Ubuntu Pro Ubuntu 14.04 LTS   ansible                         1.5.4+dfsg-1ubuntu0.1~esm3                                   Available with Ubuntu Pro   ansible-fireball                1.5.4+dfsg-1ubuntu0.1~esm3                                   Available with Ubuntu Pro   ansible-node-fireball           1.5.4+dfsg-1ubuntu0.1~esm3                                   Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7330-1

  CVE-2015-3908, CVE-2015-6240, CVE-2016-8614, CVE-2019-10206,

  CVE-2019-14846, CVE-2019-14904, CVE-2020-10729, CVE-2020-1739

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7330-1

Topics%20covered

Topics Covered

security advisory software update access control Ubuntu configuration management ansible task execution

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here