Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryFedoracritical fixFedora 34: FDA 2021-0e7910e389 Critical: Ansible 2.9.27 Remote Task Fix
Update to 2.9.27 bugfix release. Includes fix for CVE-2021-3620. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-0e7910e389 2021-11-04 01:32:58.741721 --------------------------------------------------------------------------------Name : ansible Product : Fedora 34 Version : 2.9.27 Release : 1.fc34 URL : https://www.redhat.com/en/ansible-collaborative Summary : SSH-based configuration management, deployment, and task execution system Description : Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. --------------------------------------------------------------------------------Update Information: Update to 2.9.27 bugfix release. Includes fix for CVE-2021-3620 --------------------------------------------------------------------------------ChangeLog: * Mon Oct 11 2021 Kevin Fenzi - 2.9.27-1 - Update to 2.9.27. Fixes rhbz#2012918 * Tue Sep 14 2021 Kevin Fenzi - 2.9.26-1 - Update to 2.9.26. Fixes rhbz#2002394 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-0e7910e389' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list
Nov 03, 2021
•Critical
Fedora
98
security advisoryred hatbug fixRedHat: RHSA-2019-3203-01 Important: Ansible Security And Bug Fix Update
An update is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability . -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Ansible security and bug fix update Advisory ID: RHSA-2019:3203-01 Product: Red Hat Ansible Engine Advisory URL: https://access.redhat.com/errata/RHSA-2019:3203 Issue date: 2019-10-24 CVE Names: CVE-2019-14846 CVE-2019-14856 CVE-2019-14858 ==================================================================== 1. Summary: An update is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Ansible Engine 2.8 for RHEL 7 Server - noarch Red Hat Ansible Engine 2.8 for RHEL 8 - noarch 3. Description: Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.8.6) Bug Fix(es): * ansible: incomplete fix for CVE-2019-10206 (CVE-2019-14856) * ansible: sub parameters marked as no_log are not masked in certain failure scenarios (CVE-2019-14858) * ansible: secrets disclosed on logs when no_log enabled (CVE-2019-14846) See: t for details onbug fixes in this release. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1755373 - CVE-2019-14846 ansible: secrets disclosed on logs when no_log enabled 1760593 - CVE-2019-14858 ansible: sub parameters marked as no_log are not masked in certain failure scenarios 1760829 - CVE-2019-14856 ansible: Incomplete fix for CVE-2019-10206 6. Package List: Red Hat Ansible Engine 2.8 for RHEL 7 Server: Source: ansible-2.8.6-1.el7ae.src.rpm noarch: ansible-2.8.6-1.el7ae.noarch.rpm Red Hat Ansible Engine 2.8 for RHEL 8: Source: ansible-2.8.6-1.el8ae.src.rpm noarch: ansible-2.8.6-1.el8ae.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-14846 https://access.redhat.com/security/cve/CVE-2019-14856 https://access.redhat.com/security/cve/CVE-2019-14858 https://access.redhat.com/security/updates/classification#important https://github.com/ansible/ansible/blob/v2.8.6/changelogs/CHANGELOG-v2.8.rst 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE-----Version: GnuPGv1 iQIVAwUBXbGh+tzjgjWX9erEAQjZKA//acV1loN8Pz6ycRec8p5Iz3mm8kQES7cv zXb/uiiHkUsPwsNO6gBl8/RmbkJNM2I0+UH+dBD6bfE/SwdqnebjTs8qzRv/WCSH aeFZs3pC5sDw5lCiH+VnpqIPtnItL5fHi/doBgaPzU8zxc/uWDMuaOKfU/5tMFGK poPWmbaH1Oq0f4n7dWwl9Z8nvowFS32d0damsQKLLGYD9DzYNs2UvJ7OD89EN/hf 3gBLg5LIegZB3EMKgXpZ8yfqhZw2QIY0B1EoF2SidC0ibgdQethyDeKSfAG1QrRd PxK1/PsyyOqYq4/yAXaqmdHVAcMy7pVtqEIyDVCiu9L91yg2hKpkzXJcZBN58T7Z fZwK2pHb4B1sP+lHFoBMvwxT7sBWlMOcbKM/EwHn/0cbrQHrNOG5F1WjjG1F2XNm FJzdhqL/YRSeTKdrvhQWjfsDjAX0siZTKGqb9vJl4XqQGD7fkUCBleEdM5ibLrBS e2oTqMRJZb8OgpcM97xJlB6Q/w81pKNhHVDGN5183nBfPqeBwhdlALSVCeLqTeal Vjt1IA9Sq6Uu8zmofaNNF+0SjXydUD9/eaexDA4ZnchOZm59ZbtCGk7WGIlpGANB nmt35uZpHQALv0dBZtRaj2h7UCWAUyp2ULRcx+jODauK5GzpitEIUQ9IbURTmx7t AuIu66YTGk0=iZiv -----END PGP SIGNATURE-------RHSA-announce mailing list
Oct 24, 2019
•Important
Red Hat
98
security advisoryRed Hatbug fixRedHat Ansible Engine 2.5: RHSA-2018-3835-01 Low Severity Disclosure
An update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: ansible security and bug fix update Advisory ID: RHSA-2018:3835-01 Product: Red Hat Ansible Engine Advisory URL: https://access.redhat.com/errata/RHSA-2018:3835 Issue date: 2018-12-18 CVE Names: CVE-2018-16876 ==================================================================== 1. Summary: An update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Ansible Engine 2.5 for RHEL 7 Server - noarch 3. Description: Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.5.14) Security fix(es): * ansible: information disclosure in vvv+ mode with no_log on (CVE-2018-16876) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): See st for details on bug fixes in this release. 4. Solution: Before applying this update, make sure allpreviously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1657330 - CVE-2018-16876 ansible: Information disclosure in vvv+ mode with no_log on 6. Package List: Red Hat Ansible Engine 2.5 for RHEL 7 Server: Source: ansible-2.5.14-1.el7ae.src.rpm noarch: ansible-2.5.14-1.el7ae.noarch.rpm ansible-doc-2.5.14-1.el7ae.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2018-16876 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXBjhv9zjgjWX9erEAQgI/g//Yw+9K1J0BlPYOmuAA/6gjG/GvA1ofLYK nBpdCapt/sxqZU0rQf7dKO2Pgze6auQDJsjc0Gce4hDQdvLy9bPvJB4U1eZU3WHn zUNY58cCFRBPzg32HmDDMfNWsP8rhlYB+UxHhS01BFhwex8goZZsxLsCW3H56VBM Q54qqfGYPx07FvAoCOy9Vv5OYSU+HA28KkMDsdRqG3PssHvytrW4gWiX1x7Vlq/U mypyK0x3HR7k0jcZ3eGiuPV7IHAVqK9UO7zJY8pYMimysIbtWyZmemeeRRtHCW7X qHJf/Vx7hvOOm80vMJUwUUYayyTi+uXqxIu/Rx+LzP5XAnjkvR4VJkqpwi5ZvZE7 Kn+wFPnRw3iaEiPEslw6ElhY7rDl1a2vGM2EF3rbzHRVBmLVM8hK/8sD8J6ks5Wd b6yb9igxiqNgZoX26J9wJG6wIbKs+d/iJg+T/kJXvas13rLsmV/IbFwbQi6ulla9 AblfD2mH2dEHFvIwy9hrbJWXrMrYmITEgqYQqvT01dg2ZjNI9gyIAw0kimPha43Y CrsKDSCtLRmhhGEuKTcpf5YYk4SfNUbTHXVqx83fgPiB3xvSCd5XPrsQzOmwppZO 2g6/t+gD2HQgQMEKUcYDYT/CnK9ZcEpF2Zkg4O2Oe1AszjIXZyx3xaOXkA78rJvf uE1dS4qjQAM=RNXx -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 18, 2018
•Low
Red Hat
89
security advisoryFedoraupdate notificationFedora 27 Ansible 2.4.1.0 Update Notification: Bugfixes
Update to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-c2729c23b0 2017-11-11 13:29:22.454760 --------------------------------------------------------------------------------Name : ansible Product : Fedora 27 Version : 2.4.1.0 Release : 2.fc27 URL : https://www.redhat.com/en/ansible-collaborative Summary : SSH-based configuration management, deployment, and task execution system Description : Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. --------------------------------------------------------------------------------Update Information: Update to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes. --------------------------------------------------------------------------------References: [ 1 ] Bug #1500754 - ansible-python3 is broken https://bugzilla.redhat.com/show_bug.cgi?id=1500754 [ 2 ] Bug #1500483 - ssh-extra-args/ssh-common-args ignored (potential regression in 2.4) https://bugzilla.redhat.com/show_bug.cgi?id=1500483 [ 3 ] Bug #1507295 - Ansible 2.4.1 has been released (important bugfixes) https://bugzilla.redhat.com/show_bug.cgi?id=1507295 [ 4 ] Bug #1495236 - CVE-2017-7550 ansible: jenkins_plugin module exposes passwords in remote host logs [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1495236 --------------------------------------------------------------------------------This update can be installed with the "dnf"update program. Use su -c 'dnf upgrade ansible' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Nov 11, 2017
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!