Package "ansible"
Name: |
ansible
|
Description: |
Configuration management, deployment, and task execution system
|
Latest version: |
2.0.0.2-2ubuntu1.3 |
Release: |
xenial (16.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
http://ansible.com |
Links
Download "ansible"
Other versions of "ansible" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
ansible (2.0.0.2-2ubuntu1.3) xenial-security; urgency=medium
* SECURITY REGRESSION: Fix indentation, missing dependencies, and calls.
- debian/patches/CVE-2018-10875.patch: Fix indentation and dependency.
- debian/patches/CVE-2018-16837.patch: Fix dependency.
- debian/patches/CVE-2017-7481.patch: Fix function call.
- CVE-2017-7481
- CVE-2018-10875
- CVE-2018-16837
-- Paulo Flabiano Smorigo <email address hidden> Wed, 17 Jul 2019 21:47:58 -0300
|
Source diff to previous version |
CVE-2018-10875 |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module pat |
CVE-2018-16837 |
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases c |
CVE-2017-7481 |
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of looku |
|
ansible (2.0.0.2-2ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: Fix vulnerability where a local user could use symlinks
to write arbitrary files or gain privileges.
- debian/patches/CVE-2016-3096.patch: Do not use a predictable filenames
in the LXC plugin.
- CVE-2016-3096
* SECURITY UPDATE: Avoid unicode strings injection.
- debian/patches/CVE-2017-7481.patch: Fixing security issue with lookup
returns not tainting the jinja2 environment.
- CVE-2017-7481
* SECURITY UPDATE: Fix a flaw in ansible.cfg where an attacker could point
to a plugin or a module path under control and execute arbitrary code.
- debian/patches/CVE-2018-10875.patch: Ignore ansible.cfg in world
writable cwd.
- CVE-2018-10875
* SECURITY UPDATE: Avoid information disclosure in log and command line.
- debian/patches/CVE-2018-16837.patch: user: Don't pass ssh_key_passphrase
on command line.
- CVE-2018-16837
-- Paulo Flabiano Smorigo <email address hidden> Fri, 12 Jul 2019 11:48:46 -0300
|
Source diff to previous version |
CVE-2016-3096 |
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary file |
CVE-2017-7481 |
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of looku |
CVE-2018-10875 |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module pat |
CVE-2018-16837 |
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases c |
|
ansible (2.0.0.2-2ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: Arbitrary command execution on ansible controller
- debian/patches/CVE-2016-9587-1.patch: Fixing security bugs by sanitizing
facts
- debian/patches/CVE-2016-9587-2.patch: Additional fixes for security
- NOTE: When CVE-2016-9587 was fixed, it included commit
bcceada5d9b78ad77069c78226f8e9b336ff8949. It was found that it was still
possible to exploit the vulnerability after this commit. Commit
0d418789a298561fded9bce977d34babc9097079 reverted bcceada5 and resolved
CVE-2017-7466. By not applying commit bcceada5, CVE-2017-7466 is
resolved. See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
for more detail.
- CVE-2016-8628, CVE-2016-9587, CVE-2017-7466
-- Mike Salvatore <email address hidden> Fri, 17 Aug 2018 10:50:20 -0400
|
Source diff to previous version |
CVE-2016-9587 |
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacke |
CVE-2017-7466 |
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a cl |
CVE-2016-8628 |
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create speci |
|
ansible (2.0.0.2-2ubuntu1) xenial; urgency=medium
* Fix EEXISTS (should be EEXIST) (LP: #1631996)
-- Serge Hallyn <email address hidden> Mon, 10 Oct 2016 12:59:42 -0500
|
1631996 |
syntax error: EEXISTS should be EEXIST |
|
About
-
Send Feedback to @ubuntu_updates