Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4396-1] ansible security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4396-1] ansible security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4396-1] ansible security update
  • Date: Tue, 19 Feb 2019 21:54:58 +0000
  • List-archive: https://lists.debian.org/msgid-search/20190219215458.lpjj5kg4ju4yagwf AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 19 Feb 2019 21:55:12 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <pmrldJ0E2O.A.dh.AtHbcB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4396-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 19, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ansible
CVE ID : CVE-2018-10855 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876
CVE-2019-3828

Several vulnerabilities have been found in Ansible, a configuration
management, deployment, and task execution system:

CVE-2018-10855 / CVE-2018-16876

The no_log task flag wasn't honored, resulting in an information leak.

CVE-2018-10875

ansible.cfg was read from the current working directory.

CVE-2018-16837

The user module leaked parameters passed to ssh-keygen to the process
environment.

CVE-2019-3828

The fetch module was susceptible to path traversal.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.1.0-2+deb9u1.

We recommend that you upgrade your ansible packages.

For the detailed security status of ansible please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ansible

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlxsexYACgkQEMKTtsN8
TjY67xAAk1Fr8XGSUj2Q+J7PjEuPemV2xcfjXx34pVxRsMvbVtqqceJ9fYI+uoOa
64Pc23rmYLq9lM2Bc4t4yjzpKmxl54PnKKTkV8q5MO2FMtv8DPVG1556/AsnyBy8
SJhyuP4xSg+4wJ91xHxAuSBE9QlCiGMA7OjGhrJRGJ7+PF7cxCNNbIBkyGQm25E0
X8Qpdsz5wt2aCDldvjOyGpUOhLQ1ra3AKeqmF5NOc40iSEi+nm7wAsTtFK5Upok7
NB6qLkHza/3wauvVe01qKsjYVAkhCy9ZaHIDdqZ8ODnJUrAWCCGIzQrPu7kkEtWm
jqnYQI2mSgP7lcJWm2QwEvPr8r1Xgj72RG/3fTCc6hMadZcIpFUXQmx4NBwUJrTp
oLSLv+2GDRTxHZTwSlRHACT+sZ5h6yADR7JSsPG2WHQ3Rl+fh9Pp0IYAMTT/OoQx
6BWGA47UlbYTBHsSlEPzxd8Ti30hHUXMdnnSbueUJ8S6F+wCTDndJkLioy+6iAPz
XIQXoWkj5tZZ6vlObj5eVW59pWUa6FKbKwmHykhsEhILDAfTt5PSnYM1uByDQvNc
Iv/2mKjKyoQXcBuKEJPaVYMirDb7Eub6RUOrjiiu/GSpVTB6CfR1sVmmM4GfKpTN
jLOL6Sz4bZ51n+IHBuQGpgiDV3aeoPXaXJKZt0I35civ9fqIj3c=
=R7R0
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4396-1] ansible security update, Moritz Muehlenhoff, 19.02.2019

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang