Several security issues were fixed in Ansible.
Software Description:
- ansible: Configuration management, deployment, and task execution system
Details:
It was discovered that Ansible did not properly verify certain fields of
X.509 certificates. An attacker could possibly use this issue to spoof
SSL servers if they were able to intercept network communications. This
issue only affected Ubuntu 14.04 LTS. (CVE-2015-3908)
Martin Carpenter discovered that certain connection plugins for Ansible
did not properly restrict users. An attacker with local access could
possibly use this issue to escape a restricted environment via symbolic
links misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240)
Robin Schneider discovered that Ansible's apt_key module did not properly
verify key fingerprints. A remote attacker could possibly use this issue
to perform key injection, leading to the access of sensitive information.
This issue only affected Ubuntu 14.04 LT...
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS ansible 2.9.6+dfsg-1ubuntu0.1~esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS ansible 2.5.1+dfsg-1ubuntu0.1+esm5 Available with Ubuntu Pro Ubuntu 16.04 LTS ansible 2.0.0.2-2ubuntu1.3+esm5 Available with Ubuntu Pro ansible-fireball 2.0.0.2-2ubuntu1.3+esm5 Available with Ubuntu Pro ansible-node-fireball 2.0.0.2-2ubuntu1.3+esm5 Available with Ubuntu Pro Ubuntu 14.04 LTS ansible 1.5.4+dfsg-1ubuntu0.1~esm3 Available with Ubuntu Pro ansible-fireball 1.5.4+dfsg-1ubuntu0.1~esm3 Available with Ubuntu Pro ansible-node-fireball 1.5.4+dfsg-1ubuntu0.1~esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7330-1
CVE-2015-3908, CVE-2015-6240, CVE-2016-8614, CVE-2019-10206,
CVE-2019-14846, CVE-2019-14904, CVE-2020-10729, CVE-2020-1739
Get the latest Linux and open source security news straight to your inbox.