Package "ansible"
Name: |
ansible
|
Description: |
Configuration management, deployment, and task execution system
|
Latest version: |
2.5.1+dfsg-1ubuntu0.1 |
Release: |
bionic (18.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
https://www.ansible.com |
Links
Download "ansible"
Other versions of "ansible" in Bionic
Changelog
ansible (2.5.1+dfsg-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Fix a vulnerability in inventory variables where an
attacker could run arbitrary code.
- debian/patches/CVE-2018-10874.patch: Avoid loading vars on unspecified
basedir (cwd).
- CVE-2018-10874
* SECURITY UPDATE: Fix a flaw in ansible.cfg where an attacker could point
to a plugin or a module path under control and execute arbitrary code.
- debian/patches/CVE-2018-10875.patch: Ignore ansible.cfg in world
writable cwd.
- CVE-2018-10875
* SECURITY UPDATE: Avoid information disclosure in log and command line.
- debian/patches/CVE-2018-10855.patch: no_log even when task_result
doesn't provide key.
- debian/patches/CVE-2018-16837.patch: user: Don't pass ssh_key_passphrase
on command line.
- debian/patches/CVE-2018-16876.patch: Ensure ssh retry respects no log.
- CVE-2018-10855
- CVE-2018-16837
- CVE-2018-16876
* SECURITY UPDATE: Fix traversal path vulnerability which allows copying
and overwriting files outside of the specified destination in the local
ansible controller host, by not restricting an absolute path.
- debian/patches/CVE-2019-3828.patch: Disallow use of remote home
directories containing ".." in their path
- CVE-2019-3828
* SECURITY UPDATE: Sensitive information could be exposed to remote node.
- debian/patches/CVE-2019-10156-1.patch: Don't pass locals.
- debian/patches/CVE-2019-10156-2.patch: Fixed tests.
- CVE-2019-10156
-- Paulo Flabiano Smorigo <email address hidden> Thu, 11 Jul 2019 17:55:43 -0300
|
CVE-2018-10874 |
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's con |
CVE-2018-10875 |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module pat |
CVE-2018-10855 |
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect |
CVE-2018-16837 |
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases c |
CVE-2018-16876 |
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of |
CVE-2019-3828 |
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of t |
CVE-2019-10156 |
templating causing an unexpected key file to be set on remote node |
|
About
-
Send Feedback to @ubuntu_updates