ID: FEDORA:F22D3604CCF2 | Type: fedora | Reporter: Fedora | Modified: 2019-03-03T03:24:34
Description
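Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The text above is the package description only. The record below identifies this bulletin as the Fedora 28 security update ansible-2.7.8-1.fc28, lists CVE-2018-10855, CVE-2018-10874, CVE-2018-10875 and CVE-2019-3828, and marks Fedora 28 hosts with an ansible package older than 2.7.8 as affected.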
{"id": "FEDORA:F22D3604CCF2", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 28 Update: ansible-2.7.8-1.fc28", "description": "Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. ", "published": "2019-03-03T03:24:34", "modified": "2019-03-03T03:24:34", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875", "CVE-2019-3828"], "lastseen": "2020-12-21T08:17:55", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310844105", "OPENVAS:1361412562310875374", "OPENVAS:1361412562310874804", "OPENVAS:1361412562310704396", "OPENVAS:1361412562310874737", "OPENVAS:1361412562310877583", "OPENVAS:1361412562310875491", "OPENVAS:1361412562310874822", "OPENVAS:1361412562310876219", "OPENVAS:1361412562310874735"]}, {"type": "cve", "idList": ["CVE-2018-10874", "CVE-2018-10855", "CVE-2018-10875", "CVE-2019-3828"]}, {"type": "redhat", "idList": ["RHSA-2018:2152", "RHSA-2018:1949", "RHSA-2019:0054", "RHSA-2018:2166", "RHSA-2018:2321", "RHSA-2018:2184", "RHSA-2018:2585", "RHSA-2018:1948", "RHSA-2018:2150", "RHSA-2018:2151"]}, {"type": "fedora", "idList": ["FEDORA:6A7B260311CF", "FEDORA:43431607A3DD", "FEDORA:7D24C671BF6A", "FEDORA:8A04062870D4", "FEDORA:4AAB4601CACB", "FEDORA:190DB6094E70", "FEDORA:E294F602179E", "FEDORA:700EE60C0CED"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2018-2152.NASL", "REDHAT-RHSA-2018-2166.NASL", "FEDORA_2018-1D2BC76093.NASL", "REDHAT-RHSA-2018-2151.NASL", "OPENSUSE-2019-1125.NASL", "UBUNTU_USN-4072-1.NASL", "FEDORA_2018-53790A5236.NASL", "REDHAT-RHSA-2018-2321.NASL", 
"DEBIAN_DSA-4396.NASL", "REDHAT-RHSA-2018-2150.NASL"]}, {"type": "ubuntu", "idList": ["USN-4072-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4396-1:65A61", "DEBIAN:DLA-1923-1:2C401"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1125-1", "OPENSUSE-SU-2019:1635-1", "OPENSUSE-SU-2019:0238-1", "OPENSUSE-SU-2019:1858-1"]}, {"type": "github", "idList": ["GHSA-JWCC-J78W-J73W", "GHSA-74VQ-H4Q8-X6JV"]}], "modified": "2020-12-21T08:17:55", "rev": 2}, "score": {"value": 7.2, "vector": "NONE", "modified": "2020-12-21T08:17:55", "rev": 2}, "vulnersScore": 7.2}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "28", "arch": "any", "packageName": "ansible", "packageVersion": "2.7.8", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"openvas": [{"lastseen": "2020-06-09T18:19:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3828", "CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875"], "description": "The remote host is missing an update for the ", "modified": "2020-06-05T00:00:00", "published": "2019-03-04T00:00:00", "id": "OPENVAS:1361412562310875491", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875491", "type": "openvas", "title": "Fedora Update for ansible FEDORA-2019-c54511eaab", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875491\");\n script_version(\"2020-06-05T10:36:02+0000\");\n script_cve_id(\"CVE-2019-3828\", \"CVE-2018-10874\", \"CVE-2018-10875\", \"CVE-2018-10855\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 10:36:02 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-04 04:11:36 +0100 (Mon, 04 Mar 2019)\");\n script_name(\"Fedora Update for ansible FEDORA-2019-c54511eaab\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-c54511eaab\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ICV6FI6L6NAGE7UAADZFIGR2GOMZFLL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ansible'\n package(s) announced via the FEDORA-2019-c54511eaab advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"ansible on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"ansible\", rpm:\"ansible~2.7.8~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-09T19:06:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875"], "description": "The remote host is missing an update for the ", "modified": "2020-06-05T00:00:00", "published": "2018-07-17T00:00:00", "id": "OPENVAS:1361412562310874822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874822", "type": "openvas", "title": "Fedora Update for ansible FEDORA-2018-53790a5236", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ansible FEDORA-2018-53790a5236\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874822\");\n script_version(\"2020-06-05T10:36:02+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 10:36:02 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-17 06:04:58 +0200 (Tue, 17 Jul 2018)\");\n script_cve_id(\"CVE-2018-10874\", \"CVE-2018-10875\", \"CVE-2018-10855\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ansible FEDORA-2018-53790a5236\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ansible'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"ansible on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-53790a5236\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXI233BZDSKWWEFNPOFHDLZKBQHZWPCL\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"ansible\", rpm:\"ansible~2.6.1~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-09T19:03:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875"], "description": "The remote host is missing an update for the ", "modified": "2020-06-05T00:00:00", "published": "2018-07-15T00:00:00", "id": "OPENVAS:1361412562310874804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874804", "type": "openvas", "title": "Fedora Update for ansible FEDORA-2018-1d2bc76093", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ansible FEDORA-2018-1d2bc76093\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874804\");\n script_version(\"2020-06-05T10:36:02+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 10:36:02 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-15 06:02:35 +0200 (Sun, 15 Jul 2018)\");\n script_cve_id(\"CVE-2018-10874\", \"CVE-2018-10875\", \"CVE-2018-10855\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ansible FEDORA-2018-1d2bc76093\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ansible'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"ansible on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1d2bc76093\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXWC5D7CU2JQAN3QB3BCCLZMZLTI2N6W\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"ansible\", rpm:\"ansible~2.6.1~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-09T18:58:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16876", "CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875"], "description": "The remote host is missing an update for the ", "modified": "2020-06-05T00:00:00", "published": "2018-12-24T00:00:00", "id": "OPENVAS:1361412562310875374", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875374", "type": "openvas", "title": "Fedora Update for ansible FEDORA-2018-615705632d", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ansible FEDORA-2018-615705632d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875374\");\n script_version(\"2020-06-05T10:36:02+0000\");\n script_cve_id(\"CVE-2018-16876\", \"CVE-2018-10874\", \"CVE-2018-10875\", \"CVE-2018-10855\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 10:36:02 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-24 04:27:14 +0100 (Mon, 24 Dec 2018)\");\n script_name(\"Fedora Update for ansible FEDORA-2018-615705632d\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-615705632d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2S4WKR5LFE7EVVVBPGQCGX6JQFBG3AB\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ansible'\n package(s) announced via the FEDORA-2018-615705632d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"ansible on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"ansible\", rpm:\"ansible~2.7.5~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-26T11:50:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16876", "CVE-2019-3828", "CVE-2017-7481", "CVE-2018-10855", "CVE-2018-10874", "CVE-2019-10156", "CVE-2018-10875", "CVE-2018-16837"], "description": "The remote host is missing an update for the ", "modified": "2019-07-25T00:00:00", "published": "2019-07-25T00:00:00", "id": "OPENVAS:1361412562310844105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844105", "type": "openvas", "title": "Ubuntu Update for ansible USN-4072-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844105\");\n script_version(\"2019-07-25T11:54:35+0000\");\n script_cve_id(\"CVE-2017-7481\", \"CVE-2018-10855\", \"CVE-2018-16837\", \"CVE-2018-16876\", \"CVE-2019-10156\", \"CVE-2018-10874\", \"CVE-2018-10875\", \"CVE-2019-3828\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-25 11:54:35 +0000 (Thu, 25 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-25 02:01:29 +0000 (Thu, 25 Jul 2019)\");\n script_name(\"Ubuntu Update for ansible USN-4072-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4072-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-July/005031.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ansible'\n package(s) announced via the USN-4072-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Ansible failed to properly handle sensitive information.\nA local attacker could use those vulnerabilities to extract 
them.\n(CVE-2017-7481)\n(CVE-2018-10855)\n(CVE-2018-16837)\n(CVE-2018-16876)\n(CVE-2019-10156)\n\nIt was discovered that Ansible could load configuration files from the current\nworking directory containing crafted commands. An attacker could run arbitrary\ncode as result.\n(CVE-2018-10874)\n(CVE-2018-10875)\n\nIt was discovered that Ansible fetch module had a path traversal vulnerability.\nA local attacker could copy and overwrite files outside of the specified\ndestination.\n(CVE-2019-3828)\");\n\n script_tag(name:\"affected\", value:\"'ansible' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"ansible\", ver:\"2.5.1+dfsg-1ubuntu0.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"ansible\", ver:\"2.7.8+dfsg-1ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"ansible\", ver:\"2.0.0.2-2ubuntu1.3\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-09T18:34:43", "bulletinFamily": "scanner", 
"cvelist": ["CVE-2018-16876", "CVE-2019-3828", "CVE-2018-10855", "CVE-2018-10875", "CVE-2018-16837"], "description": "Several vulnerabilities have been found in Ansible, a configuration\nmanagement, deployment, and task execution system:\n\nCVE-2018-10855 / CVE-2018-16876\nThe no_log task flag wasn", "modified": "2020-06-05T00:00:00", "published": "2019-02-19T00:00:00", "id": "OPENVAS:1361412562310704396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704396", "type": "openvas", "title": "Debian Security Advisory DSA 4396-1 (ansible - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704396\");\n script_version(\"2020-06-05T10:36:02+0000\");\n script_cve_id(\"CVE-2018-10855\", \"CVE-2018-10875\", \"CVE-2018-16837\", \"CVE-2018-16876\", \"CVE-2019-3828\");\n script_name(\"Debian Security Advisory DSA 4396-1 (ansible - security update)\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 10:36:02 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-19 00:00:00 +0100 (Tue, 19 Feb 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4396.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"ansible on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 2.2.1.0-2+deb9u1.\n\nWe recommend that you upgrade your ansible packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/ansible\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been found in Ansible, a configuration\nmanagement, deployment, and task execution system:\n\nCVE-2018-10855 / CVE-2018-16876\nThe no_log 
task flag wasn't honored, resulting in an information leak.\n\nCVE-2018-10875\nansible.cfg was read from the current working directory.\n\nCVE-2018-16837\nThe user module leaked parameters passed to ssh-keygen to the process\nenvironment.\n\nCVE-2019-3828\nThe fetch module was susceptible to path traversal.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"ansible\", ver:\"2.2.1.0-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-09T17:41:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10206", "CVE-2020-1739", "CVE-2019-10217", "CVE-2019-3828", "CVE-2018-10855", "CVE-2018-10874", "CVE-2019-10156", "CVE-2018-10875", "CVE-2020-1737"], "description": "The remote host is missing an update for the ", "modified": "2020-06-05T00:00:00", "published": "2020-03-17T00:00:00", "id": "OPENVAS:1361412562310877583", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877583", "type": "openvas", "title": "Fedora: Security Advisory for ansible (FEDORA-2020-87f5e1e829)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877583\");\n script_version(\"2020-06-05T10:36:02+0000\");\n script_cve_id(\"CVE-2020-1737\", \"CVE-2020-1739\", \"CVE-2019-10217\", \"CVE-2019-10206\", \"CVE-2019-10156\", \"CVE-2019-3828\", \"CVE-2018-10874\", \"CVE-2018-10875\", \"CVE-2018-10855\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 10:36:02 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-17 04:08:30 +0000 (Tue, 17 Mar 2020)\");\n script_name(\"Fedora: Security Advisory for ansible (FEDORA-2020-87f5e1e829)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-87f5e1e829\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ansible'\n package(s) announced via the FEDORA-2020-87f5e1e829 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ansible is a radically simple model-driven configuration 
management,\nmulti-node deployment, and remote task execution system. Ansible works\nover SSH and does not require any software or daemons to be installed\non remote nodes. Extension modules can be written in any language and\nare transferred to managed machines automatically.\");\n\n script_tag(name:\"affected\", value:\"'ansible' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ansible\", rpm:\"ansible~2.9.6~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-06-09T19:03:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10855"], "description": "The remote host is missing an update for the ", "modified": "2020-06-05T00:00:00", "published": "2018-06-25T00:00:00", "id": "OPENVAS:1361412562310874737", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874737", "type": "openvas", "title": "Fedora Update for ansible FEDORA-2018-b619637e45", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ansible FEDORA-2018-b619637e45\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874737\");\n script_version(\"2020-06-05T10:36:02+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 10:36:02 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-25 06:06:28 +0200 (Mon, 25 Jun 2018)\");\n script_cve_id(\"CVE-2018-10855\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ansible FEDORA-2018-b619637e45\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ansible'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"ansible on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b619637e45\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILGCAZWUN7RSPO3IEB46IIDRMCI3ALP3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"ansible\", rpm:\"ansible~2.5.5~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-09T19:06:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10855"], "description": "The remote host is missing an update for the 'ansible' package(s) announced via the referenced advisory.", "modified": "2020-06-05T00:00:00", "published": "2018-06-25T00:00:00", "id": "OPENVAS:1361412562310874735", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874735", "type": "openvas", "title": "Fedora Update for ansible FEDORA-2018-1a6e6196b9", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ansible FEDORA-2018-1a6e6196b9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874735\");\n script_version(\"2020-06-05T10:36:02+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 10:36:02 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-25 06:05:13 +0200 (Mon, 25 Jun 2018)\");\n script_cve_id(\"CVE-2018-10855\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ansible FEDORA-2018-1a6e6196b9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ansible'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"ansible on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1a6e6196b9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIYPDLUWDGXDTW2Z4ZPTONLRL27IVFDB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"ansible\", rpm:\"ansible~2.5.5~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-27T18:14:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3828"], "description": "The remote host is missing an update for the 'ansible' package(s) announced via the FEDORA-2019-7d1a63acc8 advisory.", "modified": "2020-05-26T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310876219", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876219", "type": "openvas", "title": "Fedora Update for ansible FEDORA-2019-7d1a63acc8", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876219\");\n script_version(\"2020-05-26T08:07:04+0000\");\n script_cve_id(\"CVE-2019-3828\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-05-26 08:07:04 +0000 (Tue, 26 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:39:23 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for ansible FEDORA-2019-7d1a63acc8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-7d1a63acc8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAPPN6IGB2JEMLJG6UIZS6XRYGDRBYD2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ansible'\n package(s) announced via the FEDORA-2019-7d1a63acc8 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ansible is a radically simple model-driven configuration management,\nmulti-node deployment, and remote task execution system. Ansible works\nover SSH and does not require any software or daemons to be installed\non remote nodes. 
Extension modules can be written in any language and\nare transferred to managed machines automatically.\n\nThis package installs versions of ansible that execute on Python3.\");\n\n script_tag(name:\"affected\", value:\"'ansible' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ansible\", rpm:\"ansible~2.7.8~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}], "cve": [{"lastseen": "2020-10-03T13:20:09", "description": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-02T13:29:00", "title": "CVE-2018-10874", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10874"], "modified": "2019-07-25T02:15:00", "cpe": ["cpe:/a:redhat:ansible_engine:2.5", "cpe:/a:redhat:openstack:12", "cpe:/a:redhat:ansible_engine:2.6", "cpe:/a:redhat:virtualization:4.0", "cpe:/a:redhat:virtualization_host:4.0", "cpe:/a:redhat:ansible_engine:2.0", "cpe:/a:redhat:ansible_engine:2.4", "cpe:/a:redhat:openstack:13.0", "cpe:/a:redhat:openstack:10"], "id": "CVE-2018-10874", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10874", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:13.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:09", "description": "A flaw was found in ansible. 
ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-07-13T22:29:00", "title": "CVE-2018-10875", "type": "cve", "cwe": ["CWE-426"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10875"], "modified": "2020-05-29T18:20:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:redhat:ceph_storage:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:redhat:ansible_engine:2.5", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:suse:package_hub:-", "cpe:/a:redhat:ceph_storage:3.0", "cpe:/a:redhat:openshift:3.0", "cpe:/a:redhat:openstack:12", "cpe:/a:redhat:gluster_storage:3.0.0", "cpe:/a:redhat:ansible_engine:2.6", "cpe:/a:redhat:virtualization:4.0", "cpe:/a:redhat:virtualization_host:4.0", "cpe:/a:redhat:ansible_engine:2.0", "cpe:/a:redhat:ansible_engine:2.4", "cpe:/a:redhat:openstack:13.0", "cpe:/a:redhat:openstack:10", 
"cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-10875", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10875", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:13.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:gluster_storage:3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:31", "description": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. 
When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.", "edition": 8, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-07-03T01:29:00", "title": "CVE-2018-10855", "type": "cve", "cwe": ["CWE-532"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10855"], "modified": "2020-05-29T18:19:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:redhat:cloudforms:4.6", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:redhat:openstack:12", "cpe:/a:redhat:ansible_engine:2.5.5", "cpe:/a:redhat:virtualization:4.0", "cpe:/a:redhat:ansible_engine:2.0", "cpe:/a:redhat:openstack:13.0", "cpe:/a:redhat:openstack:10", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-10855", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10855", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openstack:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:ansible_engine:2.5.5:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:52", "description": "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.", "edition": 11, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2019-03-27T13:29:00", "title": "CVE-2019-3828", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3828"], "modified": "2020-05-21T14:55:00", "cpe": [], "id": "CVE-2019-3828", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3828", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": []}], "redhat": [{"lastseen": "2020-05-31T11:52:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875"], "description": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.4.5)\n\nSecurity Fix(es):\n\n* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH), Brian Coca (Red Hat), and Michael Scherer (OSAS) for reporting this issue.", "modified": "2018-08-29T19:56:56", "published": "2018-08-29T19:55:13", "id": "RHSA-2018:2585", "href": "https://access.redhat.com/errata/RHSA-2018:2585", "type": "redhat", "title": "(RHSA-2018:2585) Moderate: ansible security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T11:52:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875"], "description": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task 
execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nSecurity Fix(es):\n\n* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting CVE-2018-10855 and Michael Scherer (OSAS) for reporting CVE-2018-10874. The CVE-2018-10875 issue was discovered by Brian Coca (Red Hat).", "modified": "2019-01-16T21:52:34", "published": "2019-01-16T21:49:56", "id": "RHSA-2019:0054", "href": "https://access.redhat.com/errata/RHSA-2019:0054", "type": "redhat", "title": "(RHSA-2019:0054) Moderate: ansible security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T11:50:27", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "description": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. 
Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.6.1)\n\nSecurity fix(es):\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS).\n\nBug Fix(es):\n\n* Fix junos_config confirm commit timeout issue (https://github.com/ansible/ansible/pull/41527)\n\n* file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. The patch to fix that broke check mode. 
This is now fixed (https://github.com/ansible/ansible/issues/42111)\n\n* inventory manager - This fixes required options being populated before the inventory config file is read, so the required options may be set in the config file.\n\n* nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209\n\n* win_domain - fixes typo in one of the AD cmdlets https://github.com/ansible/ansible/issues/41536\n\n* win_group_membership - uses the internal Ansible SID conversion logic and uses that when comparing group membership instead of the name https://github.com/ansible/ansible/issues/40649", "modified": "2018-07-10T15:25:53", "published": "2018-07-10T15:24:48", "id": "RHSA-2018:2151", "href": "https://access.redhat.com/errata/RHSA-2018:2151", "type": "redhat", "title": "(RHSA-2018:2151) Moderate: ansible security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T11:50:10", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "description": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. 
Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.6.1)\n\nSecurity fix(es):\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS).\n\nBug Fix(es):\n\n* Fix junos_config confirm commit timeout issue (https://github.com/ansible/ansible/pull/41527)\n\n* file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. The patch to fix that broke check mode. 
This is now fixed (https://github.com/ansible/ansible/issues/42111)\n\n* inventory manager - This fixes required options being populated before the inventory config file is read, so the required options may be set in the config file.\n\n* nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209\n\n* win_domain - fixes typo in one of the AD cmdlets https://github.com/ansible/ansible/issues/41536\n\n* win_group_membership - uses the internal Ansible SID conversion logic and uses that when comparing group membership instead of the name https://github.com/ansible/ansible/issues/40649", "modified": "2018-07-10T21:14:15", "published": "2018-07-10T21:12:40", "id": "RHSA-2018:2166", "href": "https://access.redhat.com/errata/RHSA-2018:2166", "type": "redhat", "title": "(RHSA-2018:2166) Moderate: ansible security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T11:50:35", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "description": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. 
Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.5.6)\n\nSecurity fix(es):\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS).\n\nBug Fix(es):\n\n* Restore module_utils.basic.BOOLEANS variable for backwards compatibility with the module API in older ansible releases.\n\n* lineinfile - add warning when using an empty regexp (https://github.com/ansible/ansible/issues/29443)\n\n* apt - fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530)\n\n* copy module - fixed recursive copy with relative paths (https://github.com/ansible/ansible/pull/40166)\n\n* correct debug display for all cases https://github.com/ansible/ansible/pull/41331\n\n* eos_l2_interface - fix eapi (https://github.com/ansible/ansible/pull/42270)\n\n* group_by - support implicit localhost (https://github.com/ansible/ansible/pull/41860)\n\n* influxdb_query - fixed the use of the common return 'results' caused an unexpected fault. 
The return is renamed to 'query_results'\n\n* junos_config - fix confirm commit timeout issue (https://github.com/ansible/ansible/pull/41527)\n\n* lineinfile - fix insertbefore when used with BOF to not insert duplicate lines (https://github.com/ansible/ansible/issues/38219)\n\n* nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209\n\n* nxos_linkagg - fix issue (https://github.com/ansible/ansible/pull/41550).\n\n* nxos_vxlan_vtep_vni - fix issue (https://github.com/ansible/ansible/pull/42240)\n\n* uses correct conn info for reset_connection https://github.com/ansible/ansible/issues/27520\n\n* correct service facts systemd detection of state https://github.com/ansible/ansible/issues/40809\n\n* correctly check hostvars for vars term https://github.com/ansible/ansible/pull/41819\n\n* vyos_vlan - fix aggregate configuration issues (https://github.com/ansible/ansible/pull/41638)\n\n* win_domain - fixes typo in one of the AD cmdlets https://github.com/ansible/ansible/issues/41536\n\n* win_iis_webapppool - redirect some module output to null so Ansible can read the output JSON https://github.com/ansible/ansible/issues/40874\n\n* win_updates - Fixed issue where running win_updates on async fails without any error\n\n* winrm - ensure pexpect is set to not echo the input on a failure and have a manual sanity check afterwards https://github.com/ansible/ansible/issues/41865", "modified": "2018-07-10T13:41:41", "published": "2018-07-10T13:40:07", "id": "RHSA-2018:2150", "href": "https://access.redhat.com/errata/RHSA-2018:2150", "type": "redhat", "title": "(RHSA-2018:2150) Moderate: ansible security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T11:52:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "description": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. 
Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.4.6)\n\nSecurity fix(es):\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS).", "modified": "2018-07-10T16:48:49", "published": "2018-07-10T16:47:35", "id": "RHSA-2018:2152", "href": "https://access.redhat.com/errata/RHSA-2018:2152", "type": "redhat", "title": "(RHSA-2018:2152) Moderate: ansible security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T11:52:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "description": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. 
Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: imgbased (1.0.22), redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1596545, BZ#1607722, BZ#1607723)\n\nSecurity Fix(es):\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Michael Scherer (OSAS) for reporting CVE-2018-10874. The CVE-2018-10875 issue was discovered by Brian Coca (Red Hat).", "modified": "2018-07-31T21:25:10", "published": "2018-07-31T21:19:42", "id": "RHSA-2018:2321", "href": "https://access.redhat.com/errata/RHSA-2018:2321", "type": "redhat", "title": "(RHSA-2018:2321) Moderate: Red Hat Virtualization security, bug fix, and enhancement update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T11:50:52", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10855"], "description": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. 
Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.5.5)\n\nSecurity fix(es):\n\n* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855)\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for\nreporting these issues.\n\nBug Fix(es):\n\n* Changed the admin_users config option to not include \"admin\" by default\nas admin is frequently used for a non-privileged account\n(https://github.com/ansible/ansible/pull/41164)\n\n* aws_s3 - add async support to the action plugin\n(https://github.com/ansible/ansible/pull/40826)\n\n* aws_s3 - fix decrypting vault files\n(https://github.com/ansible/ansible/pull/39634)\n\n* ec2_ami - cast the device_mapping volume size to an int\n(https://github.com/ansible/ansible/pull/40938)\n\n* eos_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/40604)\n\n* cache plugins - a cache timeout of 0 means the cache will not expire.\n\n* ios_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/41029)\n\n* ios/nxos/eos_config - don't retrieve config in running_config when config\nis provided for diff (https://github.com/ansible/ansible/pull/41400)\n\n* nxos_banner - fix multiline banner issue\n(https://github.com/ansible/ansible/pull/41026).\n\n* nxos terminal plugin - fix output truncation\n(https://github.com/ansible/ansible/pull/40960)\n\n* nxos_l3_interface - fix no switchport issue with loopback and svi\ninterfaces (https://github.com/ansible/ansible/pull/37392).\n\n* nxos_snapshot - fix 
compare_option\n(https://github.com/ansible/ansible/pull/41386)\n\nSee\nhttps://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2.5.rst\nfor details on this release.", "modified": "2018-06-19T23:18:38", "published": "2018-06-19T23:17:37", "id": "RHSA-2018:1948", "href": "https://access.redhat.com/errata/RHSA-2018:1948", "type": "redhat", "title": "(RHSA-2018:1948) Moderate: ansible security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-31T11:50:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10855"], "description": "Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.\n\nSecurity fix(es):\n\n* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues.\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in the\nReferences section.\n\nAdditional Changes:\n\nThis update fixes various bugs and adds enhancements. 
Documentation for these changes is available from the Release Notes document.", "modified": "2018-07-12T17:04:56", "published": "2018-07-12T17:03:55", "id": "RHSA-2018:2184", "href": "https://access.redhat.com/errata/RHSA-2018:2184", "type": "redhat", "title": "(RHSA-2018:2184) Moderate: CloudForms 4.6.3 bug fix and enhancement update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-31T11:52:47", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10855"], "description": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.5.5)\n\nSecurity fix(es):\n\n* ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. 
(CVE-2018-10855)\n\nRed Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for\nreporting these issues.\n\nBug Fix(es):\n\n* Changed the admin_users config option to not include \"admin\" by default\nas admin is frequently used for a non-privileged account\n(https://github.com/ansible/ansible/pull/41164)\n\n* aws_s3 - add async support to the action plugin\n(https://github.com/ansible/ansible/pull/40826)\n\n* aws_s3 - fix decrypting vault files\n(https://github.com/ansible/ansible/pull/39634)\n\n* ec2_ami - cast the device_mapping volume size to an int\n(https://github.com/ansible/ansible/pull/40938)\n\n* eos_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/40604)\n\n* cache plugins - a cache timeout of 0 means the cache will not expire.\n\n* ios_logging - fix idempotency issues\n(https://github.com/ansible/ansible/pull/41029)\n\n* ios/nxos/eos_config - don't retrieve config in running_config when config\nis provided for diff (https://github.com/ansible/ansible/pull/41400)\n\n* nxos_banner - fix multiline banner issue\n(https://github.com/ansible/ansible/pull/41026).\n\n* nxos terminal plugin - fix output truncation\n(https://github.com/ansible/ansible/pull/40960)\n\n* nxos_l3_interface - fix no switchport issue with loopback and svi\ninterfaces (https://github.com/ansible/ansible/pull/37392).\n\n* nxos_snapshot - fix compare_option\n(https://github.com/ansible/ansible/pull/41386)\n\nSee\nhttps://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2.5.rst\nfor details on this release.", "modified": "2018-06-19T23:18:59", "published": "2018-06-19T23:17:41", "id": "RHSA-2018:1949", "href": "https://access.redhat.com/errata/RHSA-2018:1949", "type": "redhat", "title": "(RHSA-2018:1949) Moderate: ansible security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10855", "CVE-2018-10874", 
"CVE-2018-10875"], "description": "Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. ", "modified": "2018-07-12T14:21:51", "published": "2018-07-12T14:21:51", "id": "FEDORA:700EE60C0CED", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: ansible-2.6.1-1.fc28", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875"], "description": "Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. ", "modified": "2018-07-16T17:38:00", "published": "2018-07-16T17:38:00", "id": "FEDORA:8A04062870D4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: ansible-2.6.1-1.fc27", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875", "CVE-2018-16876"], "description": "Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. 
", "modified": "2018-12-24T01:48:57", "published": "2018-12-24T01:48:57", "id": "FEDORA:E294F602179E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: ansible-2.7.5-1.fc28", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875", "CVE-2019-10156", "CVE-2019-10206", "CVE-2019-10217", "CVE-2019-3828", "CVE-2020-1737", "CVE-2020-1739"], "description": "Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. ", "modified": "2020-03-16T20:49:58", "published": "2020-03-16T20:49:58", "id": "FEDORA:190DB6094E70", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: ansible-2.9.6-1.fc32", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10855"], "description": "Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. 
", "modified": "2018-06-24T20:10:48", "published": "2018-06-24T20:10:48", "id": "FEDORA:4AAB4601CACB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: ansible-2.5.5-2.fc27", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10855"], "description": "Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. ", "modified": "2018-06-24T20:51:06", "published": "2018-06-24T20:51:06", "id": "FEDORA:6A7B260311CF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: ansible-2.5.5-2.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3828"], "description": " Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. This package installs versions of ansible that execute on Python3. ", "modified": "2019-03-01T02:41:12", "published": "2019-03-01T02:41:12", "id": "FEDORA:43431607A3DD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: ansible-2.7.8-1.fc29", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10156", "CVE-2019-3828"], "description": " Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. 
Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. This package installs versions of ansible that execute on Python3. ", "modified": "2019-06-18T02:21:05", "published": "2019-06-18T02:21:05", "id": "FEDORA:7D24C671BF6A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: ansible-2.8.1-1.fc29", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2020-09-14T17:50:16", "description": "An update for ansible is now available for Ansible Engine 2.5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nAnsible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH\nand does not require any software or daemons to be installed on remote\nnodes. 
Extension modules can be written in any language and are\ntransferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.5.6)\n\nSecurity fix(es) :\n\n* ansible: Inventory variables are loaded from current working\ndirectory when running ad-hoc command that can lead to code execution\n(CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory\nallowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer\n(OSAS).\n\nBug Fix(es) :\n\n* Restore module_utils.basic.BOOLEANS variable for backwards\ncompatibility with the module API in older ansible releases.\n\n* lineinfile - add warning when using an empty regexp\n(https://github.com/ansible/ansible/issues/29443)\n\n* apt - fix apt-mark on debian6\n(https://github.com/ansible/ansible/pull/41530)\n\n* copy module - fixed recursive copy with relative paths\n(https://github.com/ansible/ansible/pull/40166)\n\n* correct debug display for all cases\nhttps://github.com/ansible/ansible/pull/41331\n\n* eos_l2_interface - fix eapi\n(https://github.com/ansible/ansible/pull/42270)\n\n* group_by - support implicit localhost\n(https://github.com/ansible/ansible/pull/41860)\n\n* influxdb_query - fixed the use of the common return 'results' caused\nan unexpected fault. 
The return is renamed to 'query_results'\n\n* junos_config - fix confirm commit timeout issue\n(https://github.com/ansible/ansible/pull/41527)\n\n* lineinfile - fix insertbefore when used with BOF to not insert\nduplicate lines (https://github.com/ansible/ansible/issues/38219)\n\n* nsupdate - allow hmac-sha384\nhttps://github.com/ansible/ansible/pull/42209\n\n* nxos_linkagg - fix issue\n(https://github.com/ansible/ansible/pull/41550).\n\n* nxos_vxlan_vtep_vni - fix issue\n(https://github.com/ansible/ansible/pull/42240)\n\n* uses correct conn info for reset_connection\nhttps://github.com/ansible/ansible/issues/27520\n\n* correct service facts systemd detection of state\nhttps://github.com/ansible/ansible/issues/40809\n\n* correctly check hostvars for vars term\nhttps://github.com/ansible/ansible/pull/41819\n\n* vyos_vlan - fix aggregate configuration issues\n(https://github.com/ansible/ansible/pull/41638)\n\n* win_domain - fixes typo in one of the AD cmdlets\nhttps://github.com/ansible/ansible/issues/41536\n\n* win_iis_webapppool - redirect some module output to null so Ansible\ncan read the output JSON\nhttps://github.com/ansible/ansible/issues/40874\n\n* win_updates - Fixed issue where running win_updates on async fails\nwithout any error\n\n* winrm - ensure pexpect is set to not echo the input on a failure and\nhave a manual sanity check afterwards\nhttps://github.com/ansible/ansible/issues/41865", "edition": 19, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-12T00:00:00", "title": "RHEL 7 : ansible (RHSA-2018:2150)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ansible", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:ansible-doc"], "id": "REDHAT-RHSA-2018-2150.NASL", "href": "https://www.tenable.com/plugins/nessus/111026", "sourceData": "#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2150. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111026);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/01\");\n\n script_cve_id(\"CVE-2018-10874\", \"CVE-2018-10875\");\n script_xref(name:\"RHSA\", value:\"2018:2150\");\n\n script_name(english:\"RHEL 7 : ansible (RHSA-2018:2150)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for ansible is now available for Ansible Engine 2.5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nAnsible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH\nand does not require any software or daemons to be installed on remote\nnodes. 
Extension modules can be written in any language and are\ntransferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.5.6)\n\nSecurity fix(es) :\n\n* ansible: Inventory variables are loaded from current working\ndirectory when running ad-hoc command that can lead to code execution\n(CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory\nallowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer\n(OSAS).\n\nBug Fix(es) :\n\n* Restore module_utils.basic.BOOLEANS variable for backwards\ncompatibility with the module API in older ansible releases.\n\n* lineinfile - add warning when using an empty regexp\n(https://github.com/ ansible/ansible/issues/29443)\n\n* apt - fix apt-mark on debian6\n(https://github.com/ansible/ansible/pull/ 41530)\n\n* copy module - fixed recursive copy with relative paths\n(https://github.com/ ansible/ansible/pull/40166)\n\n* correct debug display for all cases\nhttps://github.com/ansible/ansible/pull /41331\n\n* eos_l2_interface - fix eapi\n(https://github.com/ansible/ansible/pull/42270)\n\n* group_by - support implicit localhost\n(https://github.com/ansible/ansible/ pull/41860)\n\n* influxdb_query - fixed the use of the common return 'results' caused\nan unexpected fault. 
The return is renamed to 'query_results'\n\n* junos_config - fix confirm commit timeout issue\n(https://github.com/ansible /ansible/pull/41527)\n\n* lineinfile - fix insertbefore when used with BOF to not insert\nduplicate lines (https://github.com/ansible/ansible/issues/38219)\n\n* nsupdate - allow hmac-sha384\nhttps://github.com/ansible/ansible/pull/42209\n\n* nxos_linkagg - fix issue\n(https://github.com/ansible/ansible/pull/41550).\n\n* nxos_vxlan_vtep_vni - fix issue\n(https://github.com/ansible/ansible/pull/ 42240)\n\n* uses correct conn info for reset_connection\nhttps://github.com/ansible/ ansible/issues/27520\n\n* correct service facts systemd detection of state\nhttps://github.com/ansible /ansible/issues/40809\n\n* correctly check hostvars for vars term\nhttps://github.com/ansible/ansible/ pull/41819\n\n* vyos_vlan - fix aggregate configuration issues\n(https://github.com/ansible/ ansible/pull/41638)\n\n* win_domain - fixes typo in one of the AD cmdlets\nhttps://github.com/ansible /ansible/issues/41536\n\n* win_iis_webapppool - redirect some module output to null so Ansible\ncan read the output JSON\nhttps://github.com/ansible/ansible/issues/40874\n\n* win_updates - Fixed issue where running win_updates on async fails\nwithout any error\n\n* winrm - ensure pexpect is set to not echo the input on a failure and\nhave a manual sanity check afterwards\nhttps://github.com/ansible/ansible/issues/ 41865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10875\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ansible and / or ansible-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2150\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"ansible-2.5\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Red Hat Ansible 2.5\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"ansible-2.5.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ansible-doc-2.5.6-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ansible / ansible-doc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T17:50:56", "description": "An update for redhat-virtualization-host is now available for Red Hat\nVirtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe redhat-virtualization-host packages provide the Red Hat\nVirtualization Host. These packages include\nredhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.\nRed Hat Virtualization Hosts (RHVH) are installed using a special\nbuild of Red Hat Enterprise Linux with only the packages required to\nhost virtual machines. RHVH features a Cockpit user interface for\nmonitoring the host's resources and performing administrative tasks.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host.\nThese packages include redhat-release-virtualization-host, ovirt-node,\nand rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed\nusing a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit\nuser interface for monitoring the host's resources and performing\nadministrative tasks.\n\nThe following packages have been upgraded to a later upstream version:\nimgbased (1.0.22), redhat-release-virtualization-host (4.2),\nredhat-virtualization-host (4.2). (BZ#1596545, BZ#1607722, BZ#1607723)\n\nSecurity Fix(es) :\n\n* ansible: Inventory variables are loaded from current working\ndirectory when running ad-hoc command that can lead to code execution\n(CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory\nallowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Michael Scherer (OSAS) for reporting\nCVE-2018-10874. 
The CVE-2018-10875 issue was discovered by Brian Coca\n(Red Hat).", "edition": 19, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-08-02T00:00:00", "title": "RHEL 7 : Virtualization (RHSA-2018:2321)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "modified": "2018-08-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host", "p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder", "p-cpe:/a:redhat:enterprise_linux:python-imgbased", "p-cpe:/a:redhat:enterprise_linux:imgbased"], "id": "REDHAT-RHSA-2018-2321.NASL", "href": "https://www.tenable.com/plugins/nessus/111515", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2321. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111515);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/01\");\n\n script_cve_id(\"CVE-2018-10874\", \"CVE-2018-10875\");\n script_xref(name:\"RHSA\", value:\"2018:2321\");\n\n script_name(english:\"RHEL 7 : Virtualization (RHSA-2018:2321)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for redhat-virtualization-host is now available for Red Hat\nVirtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe redhat-virtualization-host packages provide the Red Hat\nVirtualization Host. These packages include\nredhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.\nRed Hat Virtualization Hosts (RHVH) are installed using a special\nbuild of Red Hat Enterprise Linux with only the packages required to\nhost virtual machines. RHVH features a Cockpit user interface for\nmonitoring the host's resources and performing administrative tasks.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host.\nThese packages include redhat-release-virtualization-host, ovirt-node,\nand rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed\nusing a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit\nuser interface for monitoring the host's resources and performing\nadministrative tasks.\n\nThe following packages have been upgraded to a later upstream version:\nimgbased (1.0.22), redhat-release-virtualization-host (4.2),\nredhat-virtualization-host (4.2). (BZ#1596545, BZ#1607722, BZ#1607723)\n\nSecurity Fix(es) :\n\n* ansible: Inventory variables are loaded from current working\ndirectory when running ad-hoc command that can lead to code execution\n(CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory\nallowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Michael Scherer (OSAS) for reporting\nCVE-2018-10874. 
The CVE-2018-10875 issue was discovered by Brian Coca\n(Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10875\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:imgbased\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-imgbased\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2321\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL7\", rpm:\"redhat-virtualization-host-image-update-4.2\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Virtualization\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"imgbased-1.0.22-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-imgbased-1.0.22-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"redhat-release-virtualization-host-4.2-5.0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"redhat-virtualization-host-image-update-4.2-20180724.0.el7_5\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"redhat-virtualization-host-image-update-placeholder-4.2-5.0.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imgbased / python-imgbased / redhat-release-virtualization-host / etc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-02T03:50:14", "description": "An update for ansible is now available for Ansible Engine 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nAnsible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH\nand does not require any software or daemons to be installed on remote\nnodes. 
Extension modules can be written in any language and are\ntransferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.6.1)\n\nSecurity fix(es) :\n\n* ansible: Inventory variables are loaded from current working\ndirectory when running ad-hoc command that can lead to code execution\n(CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory\nallowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer\n(OSAS).\n\nBug Fix(es) :\n\n* Fix junos_config confirm commit timeout issue\n(https://github.com/ansible/ansible/pull/41527)\n\n* file module - The touch subcommand had its diff output broken during\nthe 2.6.x development cycle. The patch to fix that broke check mode.\nThis is now fixed (https://github.com/ansible/ansible/issues/42111)\n\n* inventory manager - This fixes required options being populated\nbefore the inventory config file is read, so the required options may\nbe set in the config file.\n\n* nsupdate - allow hmac-sha384\nhttps://github.com/ansible/ansible/pull/42209\n\n* win_domain - fixes typo in one of the AD cmdlets\nhttps://github.com/ansible/ansible/issues/41536\n\n* win_group_membership - uses the internal Ansible SID conversion\nlogic and uses that when comparing group membership instead of the\nname https://github.com/ansible/ansible/issues/40649", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-12T00:00:00", "title": "RHEL 7 : ansible (RHSA-2018:2151)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ansible", 
"cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-2151.NASL", "href": "https://www.tenable.com/plugins/nessus/111027", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2151. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111027);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/01\");\n\n script_cve_id(\"CVE-2018-10874\", \"CVE-2018-10875\");\n script_xref(name:\"RHSA\", value:\"2018:2151\");\n\n script_name(english:\"RHEL 7 : ansible (RHSA-2018:2151)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for ansible is now available for Ansible Engine 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nAnsible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH\nand does not require any software or daemons to be installed on remote\nnodes. 
Extension modules can be written in any language and are\ntransferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.6.1)\n\nSecurity fix(es) :\n\n* ansible: Inventory variables are loaded from current working\ndirectory when running ad-hoc command that can lead to code execution\n(CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory\nallowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer\n(OSAS).\n\nBug Fix(es) :\n\n* Fix junos_config confirm commit timeout issue\n(https://github.com/ansible/ ansible/pull/41527)\n\n* file module - The touch subcommand had its diff output broken during\nthe 2.6.x development cycle. The patch to fix that broke check mode.\nThis is now fixed (https://github.com/ansible/ansible/issues/42111)\n\n* inventory manager - This fixes required options being populated\nbefore the inventory config file is read, so the required options may\nbe set in the config file.\n\n* nsupdate - allow hmac-sha384\nhttps://github.com/ansible/ansible/pull/42209\n\n* win_domain - fixes typo in one of the AD cmdlets\nhttps://github.com/ansible /ansible/issues/41536\n\n* win_group_membership - uses the internal Ansible SID conversion\nlogic and uses that when comparing group membership instead of the\nname https:// github.com/ansible/ansible/issues/40649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10875\"\n );\n 
script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ansible package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2151\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"ansible-2.6\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Red Hat Ansible 2.6\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"ansible-2.6.1-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ansible\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:16:26", "description": "Update to ansible 2.6.1 bugfix release. 
Fixes also 2 CVEs:\nCVE-2018-10874 and CVE-2018-10875\n\nSee\nhttps://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst\nfor full list of changes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : ansible (2018-1d2bc76093)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ansible", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-1D2BC76093.NASL", "href": "https://www.tenable.com/plugins/nessus/120275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-1d2bc76093.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120275);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10874\", \"CVE-2018-10875\");\n script_xref(name:\"FEDORA\", value:\"2018-1d2bc76093\");\n\n script_name(english:\"Fedora 28 : ansible (2018-1d2bc76093)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to ansible 2.6.1 bugfix release. 
Fixes also 2 CVEs:\nCVE-2018-10874 and CVE-2018-10875\n\nSee\nhttps://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELO\nG-v2.6.rst for full list of changes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-1d2bc76093\"\n );\n # https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bcd9b701\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ansible package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"ansible-2.6.1-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ansible\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:18:15", "description": "Update to ansible 2.6.1 bugfix release. 
Fixes also 2 CVEs:\nCVE-2018-10874 and CVE-2018-10875\n\nSee\nhttps://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst\nfor full list of changes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-24T00:00:00", "title": "Fedora 27 : ansible (2018-53790a5236)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:ansible"], "id": "FEDORA_2018-53790A5236.NASL", "href": "https://www.tenable.com/plugins/nessus/111240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-53790a5236.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111240);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10874\", \"CVE-2018-10875\");\n script_xref(name:\"FEDORA\", value:\"2018-53790a5236\");\n\n script_name(english:\"Fedora 27 : ansible (2018-53790a5236)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to ansible 2.6.1 bugfix release. 
Fixes also 2 CVEs:\nCVE-2018-10874 and CVE-2018-10875\n\nSee\nhttps://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELO\nG-v2.6.rst for full list of changes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-53790a5236\"\n );\n # https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bcd9b701\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ansible package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"ansible-2.6.1-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ansible\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-02T03:50:25", "description": "An update for ansible is now available for Ansible Engine 2.6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nAnsible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH\nand does not require any software or daemons to be installed on remote\nnodes. Extension modules can be written in any language and are\ntransferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.6.1)\n\nSecurity fix(es) :\n\n* ansible: Inventory variables are loaded from current working\ndirectory when running ad-hoc command that can lead to code execution\n(CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory\nallowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer\n(OSAS).\n\nBug Fix(es) :\n\n* Fix junos_config confirm commit timeout issue\n(https://github.com/ansible/ansible/pull/41527)\n\n* file module - The touch subcommand had its diff output broken during\nthe 2.6.x development cycle. 
The patch to fix that broke check mode.\nThis is now fixed (https://github.com/ansible/ansible/issues/42111)\n\n* inventory manager - This fixes required options being populated\nbefore the inventory config file is read, so the required options may\nbe set in the config file.\n\n* nsupdate - allow hmac-sha384\nhttps://github.com/ansible/ansible/pull/42209\n\n* win_domain - fixes typo in one of the AD cmdlets\nhttps://github.com/ansible/ansible/issues/41536\n\n* win_group_membership - uses the internal Ansible SID conversion\nlogic and uses that when comparing group membership instead of the\nname https://github.com/ansible/ansible/issues/40649", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-12T00:00:00", "title": "RHEL 7 : ansible (RHSA-2018:2166)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ansible", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-2166.NASL", "href": "https://www.tenable.com/plugins/nessus/111030", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2166. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111030);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/01\");\n\n script_cve_id(\"CVE-2018-10874\", \"CVE-2018-10875\");\n script_xref(name:\"RHSA\", value:\"2018:2166\");\n\n script_name(english:\"RHEL 7 : ansible (RHSA-2018:2166)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for ansible is now available for Ansible Engine 2.6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nAnsible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH\nand does not require any software or daemons to be installed on remote\nnodes. 
Extension modules can be written in any language and are\ntransferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.6.1)\n\nSecurity fix(es) :\n\n* ansible: Inventory variables are loaded from current working\ndirectory when running ad-hoc command that can lead to code execution\n(CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory\nallowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer\n(OSAS).\n\nBug Fix(es) :\n\n* Fix junos_config confirm commit timeout issue\n(https://github.com/ansible/ ansible/pull/41527)\n\n* file module - The touch subcommand had its diff output broken during\nthe 2.6.x development cycle. The patch to fix that broke check mode.\nThis is now fixed (https://github.com/ansible/ansible/issues/42111)\n\n* inventory manager - This fixes required options being populated\nbefore the inventory config file is read, so the required options may\nbe set in the config file.\n\n* nsupdate - allow hmac-sha384\nhttps://github.com/ansible/ansible/pull/42209\n\n* win_domain - fixes typo in one of the AD cmdlets\nhttps://github.com/ansible /ansible/issues/41536\n\n* win_group_membership - uses the internal Ansible SID conversion\nlogic and uses that when comparing group membership instead of the\nname https:// github.com/ansible/ansible/issues/40649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10875\"\n );\n 
script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ansible package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2166\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"ansible-2.6\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Red Hat Ansible 2.6\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"ansible-2.6.1-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ansible\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-02T03:50:14", "description": "An update for ansible is now available for Ansible Engine 2.4.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nAnsible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. 
Ansible works over SSH\nand does not require any software or daemons to be installed on remote\nnodes. Extension modules can be written in any language and are\ntransferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.4.6)\n\nSecurity fix(es) :\n\n* ansible: Inventory variables are loaded from current working\ndirectory when running ad-hoc command that can lead to code execution\n(CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory\nallowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer\n(OSAS).", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-12T00:00:00", "title": "RHEL 7 : ansible (RHSA-2018:2152)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10874", "CVE-2018-10875"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ansible", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:ansible-doc"], "id": "REDHAT-RHSA-2018-2152.NASL", "href": "https://www.tenable.com/plugins/nessus/111028", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2152. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111028);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/01\");\n\n script_cve_id(\"CVE-2018-10874\", \"CVE-2018-10875\");\n script_xref(name:\"RHSA\", value:\"2018:2152\");\n\n script_name(english:\"RHEL 7 : ansible (RHSA-2018:2152)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for ansible is now available for Ansible Engine 2.4.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nAnsible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH\nand does not require any software or daemons to be installed on remote\nnodes. 
Extension modules can be written in any language and are\ntransferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.4.6)\n\nSecurity fix(es) :\n\n* ansible: Inventory variables are loaded from current working\ndirectory when running ad-hoc command that can lead to code execution\n(CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory\nallowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer\n(OSAS).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10875\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ansible and / or ansible-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2152\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL7\", rpm:\"ansible-2.4\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Red Hat Ansible 2.4\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"ansible-2.4.6.0-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ansible-doc-2.4.6.0-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ansible / ansible-doc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-18T11:00:26", "description": "It was discovered that Ansible failed to properly handle sensitive\ninformation. A local attacker could use those vulnerabilities to\nextract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837)\n(CVE-2018-16876) (CVE-2019-10156)\n\nIt was discovered that Ansible could load configuration files from the\ncurrent working directory containing crafted commands. An attacker\ncould run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875)\n\nIt was discovered that Ansible fetch module had a path traversal\nvulnerability. A local attacker could copy and overwrite files outside\nof the specified destination. (CVE-2019-3828).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-25T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Ansible vulnerabilities (USN-4072-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16876", "CVE-2019-3828", "CVE-2017-7481", "CVE-2018-10855", "CVE-2018-10874", "CVE-2019-10156", "CVE-2018-10875", "CVE-2018-16837"], "modified": "2019-07-25T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "p-cpe:/a:canonical:ubuntu_linux:ansible"], "id": "UBUNTU_USN-4072-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127043", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4072-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127043);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-7481\", \"CVE-2018-10855\", \"CVE-2018-10874\", \"CVE-2018-10875\", \"CVE-2018-16837\", \"CVE-2018-16876\", \"CVE-2019-10156\", \"CVE-2019-3828\");\n script_xref(name:\"USN\", value:\"4072-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Ansible vulnerabilities (USN-4072-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Ansible failed to properly handle sensitive\ninformation. A local attacker could use those vulnerabilities to\nextract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837)\n(CVE-2018-16876) (CVE-2019-10156)\n\nIt was discovered that Ansible could load configuration files from the\ncurrent working directory containing crafted commands. An attacker\ncould run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875)\n\nIt was discovered that Ansible fetch module had a path traversal\nvulnerability. A local attacker could copy and overwrite files outside\nof the specified destination. (CVE-2019-3828).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4072-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ansible package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10875\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"ansible\", pkgver:\"2.0.0.2-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"ansible\", pkgver:\"2.5.1+dfsg-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"ansible\", pkgver:\"2.7.8+dfsg-1ubuntu0.19.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ansible\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T13:42:41", "description": "Several vulnerabilities have been found in Ansible, a configuration\nmanagement, deployment, and task execution system :\n\n - CVE-2018-10855/ CVE-2018-16876\n The no_log task flag wasn't honored, resulting in an\n information leak.\n\n - CVE-2018-10875\n ansible.cfg was read from the 
current working directory.\n\n - CVE-2018-16837\n The user module leaked parameters passed to ssh-keygen\n to the process environment.\n\n - CVE-2019-3828\n The fetch module was susceptible to path traversal.", "edition": 12, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-20T00:00:00", "title": "Debian DSA-4396-1 : ansible - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16876", "CVE-2019-3828", "CVE-2018-10855", "CVE-2018-10875", "CVE-2018-16837"], "modified": "2019-02-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ansible", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4396.NASL", "href": "https://www.tenable.com/plugins/nessus/122321", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4396. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122321);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/26\");\n\n script_cve_id(\"CVE-2018-10855\", \"CVE-2018-10875\", \"CVE-2018-16837\", \"CVE-2018-16876\", \"CVE-2019-3828\");\n script_xref(name:\"DSA\", value:\"4396\");\n\n script_name(english:\"Debian DSA-4396-1 : ansible - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been found in Ansible, a configuration\nmanagement, deployment, and task execution system :\n\n - CVE-2018-10855/ CVE-2018-16876\n The no_log task flag wasn't honored, resulting in an\n information leak.\n\n - CVE-2018-10875\n ansible.cfg was read from the current working 
directory.\n\n - CVE-2018-16837\n The user module leaked parameters passed to ssh-keygen\n to the process environment.\n\n - CVE-2019-3828\n The fetch module was susceptible to path traversal.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-10855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-10875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-3828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/ansible\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/ansible\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4396\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the ansible packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2.2.1.0-2+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10875\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"ansible\", reference:\"2.2.1.0-2+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-23T16:31:14", "description": "This update for ansible to version 2.7.8 fixes the following issues :\n\nSecurity issues fixed: 	 \n\n - CVE-2018-16837: Fixed an information leak in user module\n (bsc#1112959).\n\n - CVE-2018-16859: Fixed an issue which clould allow\n logging of password in plaintext in Windows powerShell\n (bsc#1116587).\n\n - CVE-2019-3828: Fixed a path traversal vulnerability in\n fetch module (bsc#1126503).\n\n - 
CVE-2018-10875: Fixed a potential code execution in\n ansible.cfg (bsc#1099808).\n\n - CVE-2018-16876: Fixed an issue which could allow\n information disclosure in vvv+ mode with no_log on\n (bsc#1118896).\n\nOther issues addressed :\n\n - prepare update to 2.7.8 for multiple releases\n (boo#1102126, boo#1109957)\n\nRelease notes:\nhttps://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELO\nG-v2.7.rst#id1", "edition": 11, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-03T00:00:00", "title": "openSUSE Security Update : ansible (openSUSE-2019-1125)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16859", "CVE-2018-16876", "CVE-2019-3828", "CVE-2018-10875", "CVE-2018-16837"], "modified": "2019-04-03T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:ansible"], "id": "OPENSUSE-2019-1125.NASL", "href": "https://www.tenable.com/plugins/nessus/123669", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1125.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123669);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2018-10875\", \"CVE-2018-16837\", \"CVE-2018-16859\", \"CVE-2018-16876\", \"CVE-2019-3828\");\n\n script_name(english:\"openSUSE Security Update : ansible (openSUSE-2019-1125)\");\n script_summary(english:\"Check for the openSUSE-2019-1125 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ansible to version 2.7.8 fixes the following issues :\n\nSecurity issues fixed: 	 \n\n - 
CVE-2018-16837: Fixed an information leak in user module\n (bsc#1112959).\n\n - CVE-2018-16859: Fixed an issue which clould allow\n logging of password in plaintext in Windows powerShell\n (bsc#1116587).\n\n - CVE-2019-3828: Fixed a path traversal vulnerability in\n fetch module (bsc#1126503).\n\n - CVE-2018-10875: Fixed a potential code execution in\n ansible.cfg (bsc#1099808).\n\n - CVE-2018-16876: Fixed an issue which could allow\n information disclosure in vvv+ mode with no_log on\n (bsc#1118896).\n\nOther issues addressed :\n\n - prepare update to 2.7.8 for multiple releases\n (boo#1102126, boo#1109957)\n\nRelease notes:\nhttps://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELO\nG-v2.7.rst#id1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126503\"\n );\n # https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#id1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38ee3bd6\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ansible package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10875\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ansible-2.7.8-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ansible\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:32", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16876", "CVE-2019-3828", "CVE-2017-7481", "CVE-2018-10855", "CVE-2018-10874", "CVE-2019-10156", "CVE-2018-10875", "CVE-2018-16837"], "description": "It was discovered that Ansible failed to properly handle sensitive information. \nA local attacker could use those vulnerabilities to extract them. \n(CVE-2017-7481) \n(CVE-2018-10855) \n(CVE-2018-16837) \n(CVE-2018-16876) \n(CVE-2019-10156)\n\nIt was discovered that Ansible could load configuration files from the current \nworking directory containing crafted commands. An attacker could run arbitrary \ncode as result. \n(CVE-2018-10874) \n(CVE-2018-10875)\n\nIt was discovered that Ansible fetch module had a path traversal vulnerability. 
\nA local attacker could copy and overwrite files outside of the specified \ndestination. \n(CVE-2019-3828)", "edition": 2, "modified": "2019-07-24T00:00:00", "published": "2019-07-24T00:00:00", "id": "USN-4072-1", "href": "https://ubuntu.com/security/notices/USN-4072-1", "title": "Ansible vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-06-01T01:05:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16876", "CVE-2019-3828", "CVE-2018-10855", "CVE-2018-10875", "CVE-2018-16837"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4396-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 19, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ansible\nCVE ID : CVE-2018-10855 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876 \n CVE-2019-3828\n\nSeveral vulnerabilities have been found in Ansible, a configuration\nmanagement, deployment, and task execution system:\n\nCVE-2018-10855 / CVE-2018-16876\n\n The no_log task flag wasn't honored, resulting in an information leak.\n\nCVE-2018-10875\n\n ansible.cfg was read from the current working directory.\n\nCVE-2018-16837\n\n The user module leaked parameters passed to ssh-keygen to the process\n environment.\n\nCVE-2019-3828\n\n The fetch module was susceptible to path traversal.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.2.1.0-2+deb9u1.\n\nWe recommend that you upgrade your ansible packages.\n\nFor the detailed security status of ansible please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/ansible\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: 
https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2019-02-19T21:55:12", "published": "2019-02-19T21:55:12", "id": "DEBIAN:DSA-4396-1:65A61", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00037.html", "title": "[SECURITY] [DSA 4396-1] ansible security update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:55:38", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6240", "CVE-2019-10156", "CVE-2018-10875", "CVE-2015-3908"], "description": "Package : ansible\nVersion : 1.7.2+dfsg-2+deb8u2\nCVE ID : CVE-2015-3908 CVE-2015-6240 CVE-2018-10875 CVE-2019-10156\nDebian Bug : 930065\n\n\nSeveral vulnerabilities were discovered in Ansible, a configuration\nmanagement, deployment, and task execution system.\n\nCVE-2015-3908\n\n A potential man-in-the-middle attack associated with insufficient\n X.509 certificate verification. Ansible did not verify that the\n server hostname matches a domain name in the subject's Common Name\n (CN) or subjectAltName field of the X.509 certificate, which allows\n man-in-the-middle attackers to spoof SSL servers via an arbitrary\n valid certificate.\n\nCVE-2015-6240\n\n A symlink attack that allows local users to escape a restricted\n environment (chroot or jail) via a symlink attack.\n\nCVE-2018-10875\n\n A fix for potential arbitrary code execution resulting from reading\n ansible.cfg from a world-writable current working directory. 
This\n condition now causes ansible to emit a warning and ignore the\n ansible.cfg in the world-writable current working directory.\n\nCVE-2019-10156\n\n Information disclosure through unexpected variable substitution.\n\nFor Debian 8 \"Jessie\", these problems have been fixed in version\n1.7.2+dfsg-2+deb8u2.\n\nWe recommend that you upgrade your ansible packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 8, "modified": "2019-09-16T12:23:45", "published": "2019-09-16T12:23:45", "id": "DEBIAN:DLA-1923-1:2C401", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201909/msg00016.html", "title": "[SECURITY] [DLA 1923-1] ansible security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2019-04-03T11:09:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16859", "CVE-2018-16876", "CVE-2019-3828", "CVE-2018-10875", "CVE-2018-16837"], "description": "This update for ansible to version 2.7.8 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-16837: Fixed an information leak in user module (bsc#1112959).\n - CVE-2018-16859: Fixed an issue which could allow logging of password in\n plaintext in Windows PowerShell (bsc#1116587).\n - CVE-2019-3828: Fixed a path traversal vulnerability in fetch module\n (bsc#1126503).\n - CVE-2018-10875: Fixed a potential code execution in ansible.cfg\n (bsc#1099808).\n - CVE-2018-16876: Fixed an issue which could allow information disclosure\n in vvv+ mode with no_log on (bsc#1118896).\n\n Other issues addressed:\n\n - prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957)\n\n Release notes:\n <a rel=\"nofollow\" 
href=\"https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#id1\">https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#id1</a>\n\n", "edition": 1, "modified": "2019-04-03T09:10:10", "published": "2019-04-03T09:10:10", "id": "OPENSUSE-SU-2019:1125-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", "title": "Security update for ansible (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-23T17:16:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16859", "CVE-2018-16876", "CVE-2017-7481", "CVE-2018-10855", "CVE-2018-10875", "CVE-2017-7466"], "description": "This update for ansible fixes the following issues:\n\n Security vulnerabilities fixed:\n\n - CVE-2018-16876: Respect no_log on retry and high verbosity (bsc#1118896)\n - CVE-2018-16859: Windows - prevent sensitive content from appearing in\n scriptblock logging (bsc#1116587)\n - CVE-2018-10855: Fixed honouring of the no_log option with failed\n task iterations (boo#1097775)\n - CVE-2017-7466: Fixed an input validation vulnerability in Ansible's\n handling\n of data sent from client systems\n - CVE-2017-7481: Fixed a security issue with lookup return not tainting\n the jinja2 environment (bsc#1038785)\n\n Other bug fixes and changes:\n\n - Update to version 2.7.6\n * Added log message at -vvvv when using netconf connection listing\n connection details.\n * Changes how ansible-connection names socket lock files. 
They now use\n the same name as the socket itself, and as such do not lock other\n attempts on connections to the same host, or cause issues with\n overly-long hostnames.\n * Fix mandatory statement error for junos modules\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/50138\">https://github.com/ansible/ansible/pull/50138</a>)\n * Moved error in netconf connection plugin from at import to on\n connection.\n * This reverts some changes from commit 723daf3. If a line is found in\n the file, exactly or via regexp matching, it must not be added again.\n insertafter/insertbefore options are used only when a line is to be\n inserted, to specify where it must be added.\n * allow using openstack inventory plugin w/o a cache\n * callbacks - Do not filter out exception, warnings, deprecations on\n failure when using debug\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/47576\">https://github.com/ansible/ansible/issues/47576</a>)\n * certificate_complete_chain - fix behavior when invalid file is parsed\n while reading intermediate or root certificates.\n * copy - Ensure that the src file contents is converted to unicode in\n diff information so that it is properly wrapped by AnsibleUnsafeText\n to prevent unexpected templating of diff data in Python3\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/45717\">https://github.com/ansible/ansible/issues/45717</a>)\n * correct behaviour of verify_file for vmware inventory plugin, it was\n always returning True\n * dnf - fix issue where conf_file was not being loaded properly\n * dnf - fix update_cache combined with install operation to not cause\n dnf transaction failure\n * docker_container - fix network_mode idempotency if the\n container:<container-name> form is used (as opposed to\n container:<container-id>)\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/49794\">https://github.com/ansible/ansible/issues/49794</a>)\n * docker_container 
- warning when non-string env values are found,\n avoiding YAML parsing issues. Will be made an error in Ansible 2.8.\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/49802\">https://github.com/ansible/ansible/issues/49802</a>)\n * docker_swarm_service - Document labels and container_labels with\n correct type.\n * docker_swarm_service - Document limit_memory and reserve_memory\n correctly on how to specify sizes.\n * docker_swarm_service - Document minimal API version for configs and\n secrets.\n * docker_swarm_service - fix use of Docker API so that services are not\n detected as present if there is an existing service whose name is a\n substring of the desired service\n * docker_swarm_service - fixing falsely reporting update_order as\n changed when option is not used.\n * document old option that was initally missed\n * ec2_instance now respects check mode\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/46774\">https://github.com/ansible/ansible/pull/46774</a>\n * fix for network_cli - ansible_command_timeout not working as expected\n (#49466)\n * fix handling of firewalld port if protocol is missing\n * fix lastpass lookup failure on python 3\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/42062\">https://github.com/ansible/ansible/issues/42062</a>)\n * flatpak - Fixed Python 2/3 compatibility\n * flatpak - Fixed issue where newer versions of flatpak failed on\n flatpak removal\n * flatpak_remote - Fixed Python 2/3 compatibility\n * gcp_compute_instance - fix crash when the instance metadata is not set\n * grafana_dashboard - Fix a pair of unicode string handling issues with\n version checking (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/49194\">https://github.com/ansible/ansible/pull/49194</a>)\n * host execution order - Fix reverse_inventory not to change the order\n of the items before reversing on python2 and to not backtrace on\n python3\n * icinga2_host - fixed the 
issue with not working use_proxy option of\n the module.\n * influxdb_user - An unspecified password now sets the password to\n blank, except on existing users. This previously caused an unhandled\n exception.\n * influxdb_user - Fixed unhandled exception when using invalid login\n credentials (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/50131\">https://github.com/ansible/ansible/issues/50131</a>)\n * openssl_* - fix error when path contains a file name without path.\n * openssl_csr - fix problem with idempotency of keyUsage option.\n * openssl_pkcs12 - now does proper path expansion for ca_certificates.\n * os_security_group_rule - os_security_group_rule doesn't exit properly\n when secgroup doesn't exist and state=absent\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/50057\">https://github.com/ansible/ansible/issues/50057</a>)\n * paramiko_ssh - add auth_timeout parameter to ssh.connect when\n supported by installed paramiko version. This will prevent\n "Authentication timeout" errors when a slow authentication step (>30s)\n happens with a host (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/42596\">https://github.com/ansible/ansible/issues/42596</a>)\n * purefa_facts and purefb_facts now correctly adds facts into main\n ansible_fact dictionary (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/50349\">https://github.com/ansible/ansible/pull/50349</a>)\n * reboot - add appropriate commands to make the plugin work with VMware\n ESXi (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/48425\">https://github.com/ansible/ansible/issues/48425</a>)\n * reboot - add support for rebooting AIX\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/49712\">https://github.com/ansible/ansible/issues/49712</a>)\n * reboot - gather distribution information in order to support Alpine\n and other distributions\n (<a rel=\"nofollow\" 
href=\"https://github.com/ansible/ansible/issues/46723\">https://github.com/ansible/ansible/issues/46723</a>)\n * reboot - search common paths for the shutdown command and use the full\n path to the binary rather than depending on the PATH of the remote\n system (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/47131\">https://github.com/ansible/ansible/issues/47131</a>)\n * reboot - use a common set of commands for older and newer Solaris and\n SunOS variants (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/48986\">https://github.com/ansible/ansible/pull/48986</a>)\n * redfish_utils - fix reference to local variable 'systems_service'\n * setup - fix the rounding of the ansible_memtotal_mb value on VMWare\n vm's (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/49608\">https://github.com/ansible/ansible/issues/49608</a>)\n * vultr_server - fixed multiple ssh keys were not handled.\n * win_copy - Fix copy of a dir that contains an empty directory -\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/50077\">https://github.com/ansible/ansible/issues/50077</a>\n * win_firewall_rule - Remove invalid 'bypass' action\n * win_lineinfile - Fix issue where a malformed json block was returned\n causing an error\n * win_updates - Correctly report changes on success\n\n - update to version 2.7.5\n * ACME modules: improve error messages in some cases (include error\n returned by server).\n * Added unit test for VMware module_utils.\n * Also check stdout for interpreter errors for more intelligent messages\n to user\n * Backported support for Devuan-based distribution\n * Convert hostvars data in OpenShift inventory plugin to be serializable\n by ansible-inventory\n * Fix AttributeError (Python 3 only) when an exception occurs while\n rendering a template\n * Fix N3K power supply facts\n (<a rel=\"nofollow\" 
href=\"https://github.com/ansible/ansible/pull/49150\">https://github.com/ansible/ansible/pull/49150</a>).\n * Fix NameError nxos_facts\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/48981\">https://github.com/ansible/ansible/pull/48981</a>).\n * Fix VMware module utils for self usage.\n * Fix error in OpenShift inventory plugin when a pod has errored and is\n empty\n * Fix if the route table changed to none\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/49533\">https://github.com/ansible/ansible/pull/49533</a>)\n * Fix iosxr netconf plugin response namespace\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/49300\">https://github.com/ansible/ansible/pull/49300</a>)\n * Fix issues with nxos_install_os module for nxapi\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/48811\">https://github.com/ansible/ansible/pull/48811</a>).\n * Fix lldp and cdp neighbors information\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/48318\">https://github.com/ansible/ansible/pull/48318</a>)(<a rel=\"nofollow\" href=\"https://github.com/ansible/\">https://github.com/ansible/</a>\n ansible/pull/48087)(<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/49024\">https://github.com/ansible/ansible/pull/49024</a>).\n * Fix nxos_interface and nxos_linkagg Idempotence issue\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/46437\">https://github.com/ansible/ansible/pull/46437</a>).\n * Fix traceback when updating facts and the fact cache plugin was\n nonfunctional\n * Fix using vault encrypted data with jinja2_native\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/48950\">https://github.com/ansible/ansible/issues/48950</a>)\n * Fixed: Make sure that the files excluded when extracting the archive\n are not checked. 
<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/45122\">https://github.com/ansible/ansible/pull/45122</a>\n * Fixes issue where a password parameter was not set to no_log\n * aci_rest - Fix issue ignoring custom port\n * acme_account, acme_account_facts - in some cases, it could happen that\n the modules return information on disabled accounts accidentally\n returned by the ACME server.\n * docker_swarm - decreased minimal required API version from 1.35 to\n 1.25; some features require API version 1.30 though.\n * docker_swarm_service: fails because of default "user: root"\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/49199\">https://github.com/ansible/ansible/issues/49199</a>)\n * ec2_metadata_facts - Parse IAM role name from the security credential\n field since the instance profile name is different\n * fix azure_rm_image module use positional parameter\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/49394\">https://github.com/ansible/ansible/pull/49394</a>)\n * fixes an issue with dict_merge in network utils\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/49474\">https://github.com/ansible/ansible/pull/49474</a>)\n * gcp_utils - fix google auth scoping issue with application default\n credentials or google cloud engine credentials. 
Only scope credentials\n that can be scoped.\n * mail - fix python 2.7 regression\n * openstack - fix parameter handling when cloud provided as dict\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/42858\">https://github.com/ansible/ansible/issues/42858</a>\n * os_user - Include domain parameter in user deletion\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/42901\">https://github.com/ansible/ansible/issues/42901</a>\n * os_user - Include domain parameter in user lookup\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/42901\">https://github.com/ansible/ansible/issues/42901</a>\n * ovirt_storage_connection - comparing passwords breaks idempotency in\n update_check (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/48933\">https://github.com/ansible/ansible/issues/48933</a>)\n * paramiko_ssh - improve log message to state the connection type\n * reboot - use IndexError instead of TypeError in exception\n * redis cache - Support version 3 of the redis python library\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/49341\">https://github.com/ansible/ansible/issues/49341</a>)\n * sensu_silence - Cast int for expire field to avoid call failure to\n sensu API.\n * vmware_host_service_facts - handle exception when service package does\n not have package name.\n * win_nssm - Switched to Argv-ToString for escaping NSSM credentials\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/48728\">https://github.com/ansible/ansible/issues/48728</a>)\n * zabbix_hostmacro - Added missing validate_certs logic for running\n module against Zabbix servers with untrused SSL certificates\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/47611\">https://github.com/ansible/ansible/issues/47611</a>)\n * zabbix_hostmacro - Fixed support for user macros with context\n (<a rel=\"nofollow\" 
href=\"https://github.com/ansible/ansible/issues/46953\">https://github.com/ansible/ansible/issues/46953</a>)\n\n - update to version 2.7.4\n * powershell - add lib/ansible/executor/powershell to the packaging data\n\n - update to version 2.7.3\n * Fix the issue that FTD HTTP API retries authentication-related HTTP\n requests\n * Fix the issue that module fails when the Swagger model does not have\n required fields\n * Fix the issue with comparing string-like objects\n * Fix using omit on play keywords\n * apt_key - Disable TTY requirement in GnuPG for the module to work\n correctly when SSH pipelining is enabled\n * better error message when bad type in config, deal with EVNAR= more\n gracefully\n * configuration retrieval would fail on non primed plugins\n * cs_template - Fixed a KeyError on state=extracted\n * docker_container - fix idempotency problems with docker-py caused by\n previous init idempotency fix\n * docker_container - fix interplay of docker-py version check with\n argument_spec validation improvements\n * docker_network - driver_options containing Python booleans would cause\n Docker to throw exceptions\n * ec2_group - Fix comparison of determining which rules to purge by\n ignoring descriptions\n * pip module - fix setuptools/distutils replacement\n * sysvinit - enabling a service should use "defaults" if no runlevels\n are specified\n\n - update to version 2.7.2\n * Minor changes\n\n - update to 2.7.1\n * Minor changes\n\n - update to 2.7.0\n * Allow config to enable native jinja types\n * Remove support for simplejson\n * yum and dnf modules now at feature parity\n * Security Fix - avoid loading host/group vars from cwd when not\n specifying a playbook or playbook base dir\n * Security Fix - avoid using ansible.cfg in a world writable dir\n * Some connection exception would cause no_log specified on a task to be\n ignored (stdout info disclosure)\n * Fix glob path of rc.d (SUSE-specific)\n * Fix lambda_policy updates\n * Fix alt linux 
detection/matching\n\n - update to 2.6.4\n * Add md5sum check in nxos_file_copy module\n * Allow arbitrary log_driver for docker_container\n * Fix Python2.6 regex bug terminal plugin nxos, iosxr\n * Fix check_mode in nxos_static_route module\n * Fix glob path of rc.d. Some distributions like SUSE have the rc%.d\n directories under /etc/init.d\n * Fix network config diff issue for lines\n * Fixed an issue where ansible_facts.pkg_mgr would incorrectly be set to\n zypper on Debian/Ubuntu systems that happened to have the command\n installed\n * The docker_* modules respect the DOCKER_* environment variables again\n * The fix for CVE-2018-10875 prints out a warning message about skipping\n a config file from a world writable current working directory.\n However, if the user is in a world writable current working directory\n which does not contain a config file, it should not print a warning\n message. This release fixes that extraneous warning.\n * To resolve nios_network issue where vendor-encapsulated-options can\n not have a use_option flag.\n * To resolve the issue of handling exception for Nios lookup gracefully.\n * always correctly template no log for tasks\n * ansible-galaxy - properly list all roles in roles_path\n * basic.py - catch ValueError in case a FIPS enabled platform raises\n this exception\n * docker_container: fixing working_dir idempotency problem\n * docker_container: makes unit parsing for memory sizes more consistent,\n and fixes idempotency problem when kernel_memory is set\n * fix example code for AWS lightsail documentation\n * fix the enable_snat parameter that is only supposed to be used by a\n user with the right policies.\n * fixes docker_container check and debug mode\n * improves docker_container idempotency\n * ios_l2_interface - fix bug when list of vlans ends with comma\n * ios_l2_interface - fix issue with certain interface types\n * ios_user - fix unable to delete user admin issue\n * ios_vlan - fix unable to work on certain interface 
types issue\n * nxos_facts test lldp feature and fix nxapi check_rc\n * nxos_interface port-channel idempotence fix for mode\n * nxos_linkagg mode fix\n * nxos_system idempotence fix\n * nxos_vlan refactor to support non structured output\n * one_host - fixes settings via environment variables\n * use retry_json nxos_banner\n * user - Strip trailing comments in /etc/default/passwd\n * user - when creating a new user without an expiration date, properly\n set no expiration rather that expirining the account\n * win_domain_computer - fixed deletion of computer active directory\n object that have dependent objects\n * win_domain_computer - fixed error in diff_support\n * win_domain_computer - fixed error when description parameter is empty\n * win_psexec - changed code to not escape the command option when\n building the args\n * win_uri -- Fix support for JSON output when charset is set\n * win_wait_for - fix issue where timeout doesn't wait unless\n state=drained\n\n - update to 2.6.3\n * Fix lxd module to be idempotent when the given configuration for the\n lxd container has not changed\n * Fix setting value type to str to avoid conversion during template\n read. Fix Idempotency in case of 'no key'.\n * Fix the mount module's handling of swap entries in fstab\n * The fix for (CVE-2018-10875) prints out a warning message about\n skipping a config file from a world writable current working\n directory. However, if the user explicitly specifies that the config\n file should be used via the ANSIBLE_CONFIG environment variable then\n Ansible would honor that but still print out the warning message. 
This\n has been fixed so that Ansible honors the user's explicit wishes and\n does not print a warning message in that circumstance.\n * To fix the bug where existing host_record was deleted when existing\n record name is used with different IP.\n * VMware handle pnic in proxyswitch\n * fix azure security group cannot add rules when purge_rule set to false.\n * fix azure_rm_deployment collect tags from existing Resource Group.\n * fix azure_rm_loadbalancer_facts list takes at least 2 arguments.\n * fix for the bundled selectors module (used in the ssh and local\n connection plugins) when a syscall is restarted after being\n interrupted by a signal\n * get_url - fix the bug that get_url does not change mode when checksum\n matches\n * nicer error when multiprocessing breaks\n * openssl_certificate - Convert valid_date to bytes for conversion\n * openstack_inventory.py dynamic inventory file fixed the plugin to the\n script so that it will work with current ansible-inventory. Also\n redirect stdout before dumping the ouptput, because not doing so will\n cause JSON parse errors in some cases.\n * slack callback - Fix invocation by looking up data from cli.options\n * sysvinit module: handle values of optional parameters. Don't disable\n service when enabled parameter isn't set. Fix command when arguments\n parameter isn't set.\n * vars_prompt - properly template play level variables in vars_prompt\n * win_domain - ensure the Netlogon service is up and running after\n promoting host to controller\n * win_domain_controller - ensure the Netlogon service is up and running\n after promoting host to controller\n\n - update to 2.6.2\n + Add text output along with structured output in nxos_facts\n + Allow more than one page of results by using the right pagination\n indicator ('NextMarker' instead of 'NextToken').\n + Fix an atomic_move error that is 'true', but misleading. 
Now we show\n all 3 files involved and clarify what happened.\n + Fix eos_l2_interface eapi.\n + Fix fetching old style facts in junos_facts module\n + Fix get_device_info nxos zero or more whitespace regex\n + Fix nxos CI failures\n + Fix nxos_nxapi default http behavior\n + Fix nxos_vxlan_vtep_vni\n + Fix regex network_os_platform nxos\n + Refactor nxos cliconf get_device_info for non structured\n output supported devices\n + To fix the NoneType error raised in ios_l2_interface when Access Mode\n VLAN is unassigned\n + emtpy host/group name is an error\n + fix default SSL version for docker modules\n + fix mail module when using starttls\n + fix nmap config example\n + fix ps detection of service\n + fix the remote tmp folder permissions issue when becoming a non admin\n user\n + fix typoe in sysvinit that breaks update.rc-d detection\n + fixes docker_container compatibilty with docker-py < 2.2\n + get_capabilities in nxapi module_utils should not return empty\n dictionary\n + inventory - When using an inventory directory, ensure extension\n comparison uses text types\n + ios_vlan - fix unable to identify correct vlans issue\n + nxos_facts warning message improved\n + openvswitch_db - make 'key' argument optional\n + pause - do not set stdout to raw mode when redirecting to a file\n + pause - nest try except when importing curses to gracefully fail if\n curses is not present\n + plugins/inventory/openstack.py - Do not create group with empty name\n if region is not set\n + preseve delegation info on nolog\n + remove ambiguity when it comes to 'the source'\n + remove dupes from var precedence\n + restores filtering out conflicting facts\n + user - fix bug that resulted in module always reporting a change when\n specifiying the home directory on FreeBSD\n + user - use correct attribute name in FreeBSD for creat_home\n + vultr - Do not fail trying to load configuration from ini files if\n required variables have been set as environment variables.\n + vyos_command 
correcting conditionals looping\n + win_chocolatey - enable TLSv1.2 support when downloading the\n Chocolatey installer\n + win_reboot - fix for handling an already scheduled reboot and other\n minor log formatting issues\n + win_reboot - fix issue when overridding connection timeout hung the\n post reboot uptime check\n + win_reboot - handle post reboots when running test_command\n + win_security_policy - allows an empty string to reset a policy value\n + win_share - discard any cmdlet output we don't use to ensure only the\n return json is received by Ansible\n + win_unzip - discard any cmdlet output we don't use to ensure only the\n return json is received by Ansible\n + win_updates - fixed module return value is lost in error in some cases\n + win_user - Use LogonUser to validate the password as it does not rely\n on SMB/RPC to be available\n + Security Fix - avoid loading host/group vars from cwd when not\n specifying a playbook or playbook base dir\n + Security Fix - avoid using ansible.cfg in a world writable dir.\n + Fix junos_config confirm commit timeout issue\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41527\">https://github.com/ansible/ansible/pull/41527</a>)\n + file module - The touch subcommand had its diff output broken during\n the 2.6.x development cycle. 
This is now fixed.\n + inventory manager - This fixes required options being populated before\n the inventory config file is read, so the required options may be set\n in the config file.\n + nsupdate - allow hmac-sha384\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/42209\">https://github.com/ansible/ansible/pull/42209</a>\n + win_domain - fixes typo in one of the AD cmdlets\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/41536\">https://github.com/ansible/ansible/issues/41536</a>\n + win_group_membership - uses the internal Ansible SID conversion logic\n and uses that when comparing group membership instead of the name\n - use fdupes to save some space in python_sitelib\n - define BuildRoot on older distributions like SLE-11\n - be a bit more flexible with the ending of manpage files to allow Fedora\n builds to succeed\n\n - updated to latest release 2.6.0\n\n - New Plugins:\n + Callback:\n - cgroup_memory_recap\n - grafana_annotations\n - sumologic\n + Connection:\n - httpapi\n + Inventory:\n - foreman\n - gcp_compute\n - generator\n - nmap\n + Lookup:\n - onepassword\n - onepassword_raw\n - Module updates are too many to mention here; please look at package\n documentation directory (/usr/share/doc/packages/.../changelogs)\n - bug fixes:\n - **Security Fix** - Some connection exceptions would cause no_log\n specified on a task to be ignored. If this happened, the task\n information, including any private information, could have been\n displayed to stdout and (if enabled, not the default) logged to a log\n file specified in ansible.cfg's log_path. 
Additionally, sites which\n redirected stdout from ansible runs to a log file may have stored that\n private information onto disk that way as well.\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41414\">https://github.com/ansible/ansible/pull/41414</a>)\n - Changed the admin_users config option to not include "admin" by\n default as admin is frequently used for a non-privileged account\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41164\">https://github.com/ansible/ansible/pull/41164</a>)\n - Changed the output to "text" for "show vrf" command as default "json"\n output format with respect to "eapi" transport was failing\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41470\">https://github.com/ansible/ansible/pull/41470</a>)\n - Document mode=preserve for both the copy and template module\n - Fix added for Digital Ocean Volumes API change causing Ansible to\n recieve an unexpected value in the response.\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41431\">https://github.com/ansible/ansible/pull/41431</a>)\n - Fix an encoding issue when parsing the examples from a plugins'\n documentation\n - Fix iosxr_config module to handle route-policy, community-set,\n prefix-set, as-path-set and rd-set blocks. 
All these blocks are part\n of route-policy language of iosxr.\n - Fix mode=preserve with remote_src=True for the copy module\n - Implement mode=preserve for the template module\n - The yaml callback plugin now allows non-ascii characters to be\n displayed.\n - Various grafana_* modules - Port away from the deprecated\n b64encodestring function to the b64encode function instead.\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/38388\">https://github.com/ansible/ansible/pull/38388</a>\n - added missing 'raise' to exception definition\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41690\">https://github.com/ansible/ansible/pull/41690</a>\n - allow custom endpoints to be used in the aws_s3 module\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/36832\">https://github.com/ansible/ansible/pull/36832</a>)\n - allow set_options to be called multiple times\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41913\">https://github.com/ansible/ansible/pull/41913</a>\n - ansible-doc - fixed traceback on missing plugins\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41167\">https://github.com/ansible/ansible/pull/41167</a>)\n - cast the device_mapping volume size to an int in the ec2_ami module\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/40938\">https://github.com/ansible/ansible/pull/40938</a>)\n - copy - fixed copy to only follow symlinks for files in the\n non-recursive case\n - copy module - The copy module was attempting to change the mode of\n files for remote_src=True even if mode was not set as a parameter.\n This failed on filesystems which do not have permission bits\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/40099\">https://github.com/ansible/ansible/pull/40099</a>)\n - copy module - fixed recursive copy with relative paths\n (<a rel=\"nofollow\" 
href=\"https://github.com/ansible/ansible/pull/40166\">https://github.com/ansible/ansible/pull/40166</a>)\n - correct debug display for all cases\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41331\">https://github.com/ansible/ansible/pull/41331</a>\n - correctly check hostvars for vars term\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41819\">https://github.com/ansible/ansible/pull/41819</a>\n - correctly handle yaml inventory files when entries are null dicts\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/41692\">https://github.com/ansible/ansible/issues/41692</a>\n - dynamic includes - Allow inheriting attributes from static parents\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/38827\">https://github.com/ansible/ansible/pull/38827</a>)\n - dynamic includes - Don't treat undefined vars for conditional includes\n as truthy (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/39377\">https://github.com/ansible/ansible/pull/39377</a>)\n - dynamic includes - Fix IncludedFile comparison for free strategy\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/37083\">https://github.com/ansible/ansible/pull/37083</a>)\n - dynamic includes - Improved performance by fixing re-parenting on copy\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/38747\">https://github.com/ansible/ansible/pull/38747</a>)\n - dynamic includes - Use the copied and merged task for calculating task\n vars (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/39762\">https://github.com/ansible/ansible/pull/39762</a>)\n - file - fixed the default follow behaviour of file to be true\n - file module - Eliminate an error if we're asked to remove a file but\n something removes it while we are processing the request\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/39466\">https://github.com/ansible/ansible/pull/39466</a>)\n - 
file module - Fix error when recursively assigning permissions and a\n symlink to a nonexistent file is present in the directory tree\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/39456\">https://github.com/ansible/ansible/issues/39456</a>)\n - file module - Fix error when running a task which assures a symlink to\n a nonexistent file exists for the second and subsequent times\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/39558\">https://github.com/ansible/ansible/issues/39558</a>)\n - file module - The file module allowed the user to specify src as a\n parameter when state was not link or hard. This is documented as only\n applying to state=link or state=hard but in previous Ansible, this\n could have an effect in rare cornercases. For instance, "ansible -m\n file -a 'state=directory path=/tmp src=/var/lib'" would create\n /tmp/lib. This has been disabled and a warning emitted (will change\n to an error in Ansible-2.10).\n - file module - The touch subcommand had its diff output broken during\n the 2.6.x development cycle. 
This is now fixed\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/41755\">https://github.com/ansible/ansible/issues/41755</a>)\n - fix BotoCoreError exception handling\n - fix apt-mark on debian6 (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41530\">https://github.com/ansible/ansible/pull/41530</a>)\n - fix async for the aws_s3 module by adding async support to the action\n plugin (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/40826\">https://github.com/ansible/ansible/pull/40826</a>)\n - fix decrypting vault files for the aws_s3 module\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/39634\">https://github.com/ansible/ansible/pull/39634</a>)\n - fix errors with S3-compatible APIs if they cannot use ACLs for buckets\n or objects\n - fix permission handling to try to download a file even if the user\n does not have permission to list all objects in the bucket\n - fixed config required handling, specifically for _terms in lookups\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41740\">https://github.com/ansible/ansible/pull/41740</a>\n - gce_net - Fix sorting of allowed ports\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41567\">https://github.com/ansible/ansible/pull/41567</a>)\n - group_by - support implicit localhost\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41860\">https://github.com/ansible/ansible/pull/41860</a>)\n - import/include - Ensure role handlers have the proper parent, allowing\n for correct attribute inheritance\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/39426\">https://github.com/ansible/ansible/pull/39426</a>)\n - import_playbook - Pass vars applied to import_playbook into parsing of\n the playbook as they may be needed to parse the imported plays\n (<a rel=\"nofollow\" 
href=\"https://github.com/ansible/ansible/pull/39521\">https://github.com/ansible/ansible/pull/39521</a>)\n - include_role/import_role - Don't overwrite included role handlers with\n play handlers on parse (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/39563\">https://github.com/ansible/ansible/pull/39563</a>)\n - include_role/import_role - Fix parameter templating\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/36372\">https://github.com/ansible/ansible/pull/36372</a>)\n - include_role/import_role - Use the computed role name for\n include_role/import_role so as to differentiate between names computed from\n host vars (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/39516\">https://github.com/ansible/ansible/pull/39516</a>)\n - include_role/import_role - improved performance and recursion depth\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/36470\">https://github.com/ansible/ansible/pull/36470</a>)\n - lineinfile - fix insertbefore when used with BOF to not insert\n duplicate lines (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/38219\">https://github.com/ansible/ansible/issues/38219</a>)\n - password lookup - Do not load password lookup in network filters,\n allowing the password lookup to be overridden\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/41907\">https://github.com/ansible/ansible/pull/41907</a>)\n - pause - ensure ctrl+c interrupt works in all cases\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/35372\">https://github.com/ansible/ansible/issues/35372</a>)\n - powershell - use the tmpdir set by `remote_tmp` for become/async tasks\n instead of the generic $env:TEMP -\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/40210\">https://github.com/ansible/ansible/pull/40210</a>\n - selinux - correct check mode behavior to report same changes as normal\n mode (<a rel=\"nofollow\" 
href=\"https://github.com/ansible/ansible/pull/40721\">https://github.com/ansible/ansible/pull/40721</a>)\n - spwd - With python 3.6 spwd.getspnam returns PermissionError instead\n of KeyError if user does not have privileges\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/39472\">https://github.com/ansible/ansible/issues/39472</a>)\n - synchronize - Ensure the local connection created by synchronize uses\n _remote_is_local=True, which causes ActionBase to build a local tmpdir\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/40833\">https://github.com/ansible/ansible/pull/40833</a>)\n - template - Fix for encoding issues when a template path contains\n non-ascii characters and using the template path in ansible_managed\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/27262\">https://github.com/ansible/ansible/issues/27262</a>)\n - template action plugin - fix the encoding of filenames to avoid\n tracebacks on Python2 when characters that are not present in the\n user's locale are present.\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/39424\">https://github.com/ansible/ansible/pull/39424</a>)\n - user - only change the expiration time when necessary\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/13235\">https://github.com/ansible/ansible/issues/13235</a>)\n - uses correct conn info for reset_connection\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/27520\">https://github.com/ansible/ansible/issues/27520</a>\n - win_environment - Fix for issue where the environment value was\n deleted when a null value or empty string was set -\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/40450\">https://github.com/ansible/ansible/issues/40450</a>\n - win_file - fix issue where special chars like [ and ] were not being\n handled correctly <a rel=\"nofollow\" 
href=\"https://github.com/ansible/ansible/pull/37901\">https://github.com/ansible/ansible/pull/37901</a>\n - win_get_url - fixed a few bugs around authentication and force no when\n using an FTP URL\n - win_iis_webapppool - redirect some module output to null so Ansible\n can read the output JSON\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/40874\">https://github.com/ansible/ansible/issues/40874</a>\n - win_template - fix when specifying the dest option as a directory with\n and without the trailing slash\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/39886\">https://github.com/ansible/ansible/issues/39886</a>\n - win_updates - Added the ability to run on a scheduled task for older\n hosts so async starts working again -\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/38364\">https://github.com/ansible/ansible/issues/38364</a>\n - win_updates - Fix logic when using a whitelist for multiple updates\n - win_updates - Fix typo that hid the download error when a download\n failed\n - win_updates - Fixed issue where running win_updates on async fails\n without any error\n - windows become - Show better error messages when the become process\n fails\n - winrm - Add better error handling when the kinit process fails\n - winrm - allow `ansible_user` or `ansible_winrm_user` to override\n `ansible_ssh_user` when both are defined in an inventory -\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/39844\">https://github.com/ansible/ansible/issues/39844</a>\n - winrm - ensure pexpect is set to not echo the input on a failure and\n have a manual sanity check afterwards\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/issues/41865\">https://github.com/ansible/ansible/issues/41865</a>\n - winrm connection plugin - Fix exception messages sometimes raising a\n traceback when the winrm connection plugin encounters an unrecoverable\n error. 
<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/39333\">https://github.com/ansible/ansible/pull/39333</a>\n - xenserver_facts - ensure module works with newer versions of XenServer\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/35821\">https://github.com/ansible/ansible/pull/35821</a>)\n\n - use python3 on (open)SUSE 15 or newer\n\n - Update to 2.5.5\n - Changed the admin_users config option to not include "admin" by\n default as admin is frequently used for a non-privileged account\n - aws_s3 - add async support to the action plugin\n - aws_s3 - fix decrypting vault files\n - ec2_ami - cast the device_mapping volume size to an int\n - eos_logging - fix idempotency issues\n - cache plugins - A cache timeout of 0 means the cache will not expire.\n - ios_logging - fix idempotency issues\n - ios/nxos/eos_config - don't retrieve config in running_config when\n config is provided for diff\n - nxos_banner - fix multiline banner issue\n - nxos terminal plugin - fix output truncation\n - nxos_l3_interface - fix no switchport issue with loopback and svi\n interfaces\n - nxos_snapshot - fix compare_option\n\n - update to 2.2.3.0 (boo#1056094)\n * Various minor bug fixes\n\n", "edition": 1, "modified": "2019-02-23T15:08:47", "published": "2019-02-23T15:08:47", "id": "OPENSUSE-SU-2019:0238-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00057.html", "title": "Security update for ansible (moderate)", "type": "suse", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-06-27T14:41:53", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16859", "CVE-2018-16876", "CVE-2019-3828", "CVE-2018-16837"], "description": "This update for ansible fixes the following issues:\n\n Ansible was updated to version 2.8.1:\n\n Full changelog is at /usr/share/doc/packages/ansible/changelogs/\n\n - Bugfixes\n\n - ACI - DO not encode query_string\n - ACI 
modules - Fix non-signature authentication\n - Add missing directory provided via ``--playbook-dir`` to adjacent\n collection loading\n - Fix "Interface not found" errors when using eos_l2_interface with\n nonexistent interfaces configured\n - Fix cannot get credential when `source_auth` set to `credential_file`.\n - Fix netconf_config backup string issue\n - Fix privilege escalation support for the docker connection plugin when\n credentials need to be supplied (e.g. sudo with password).\n - Fix vyos cli prompt inspection\n - Fixed loading namespaced documentation fragments from collections.\n - Fixing bug came up after running cnos_vrf module against coverity.\n - Properly handle data importer failures on PVC creation, instead of\n timing out.\n - To fix the ios static route TC failure in CI\n - To fix the nios member module params\n - To fix the nios_zone module idempotency failure\n - add terminal initial prompt for initial connection\n - allow include_role to work with ansible command\n - allow python_requirements_facts to report on dependencies containing\n dashes\n - asa_config fix\n - azure_rm_roledefinition - fix a small error in build scope.\n - azure_rm_virtualnetworkpeering - fix cross subscriptions virtual\n network peering.\n - cgroup_perf_recap - When not using file_per_task, make sure we don't\n prematurely close the perf files\n - display underlying error when reporting an invalid ``tasks:`` block.\n - dnf - fix wildcard matching for state: absent\n - docker connection plugin - accept version ``dev`` as 'newest version'\n and print warning.\n - docker_container - ``oom_killer`` and ``oom_score_adj`` options are\n available since docker-py 1.8.0, not 2.0.0 as assumed by the version\n check.\n - docker_container - fix network creation when\n ``networks_cli_compatible`` is enabled.\n - docker_container - use docker API's ``restart`` instead of\n ``stop``/``start`` to restart a container.\n - docker_image - if ``build`` was not specified, the wrong 
default for\n ``build.rm`` is used.\n - docker_image - if ``nocache`` set to ``yes`` but not\n ``build.nocache``, the module failed.\n - docker_image - module failed when ``source: build`` was set but\n ``build.path`` options not specified.\n - docker_network module - fix idempotency when using ``aux_addresses``\n in ``ipam_config``.\n - ec2_instance - make Name tag idempotent\n - eos: don't fail modules without become set, instead show message and\n continue\n - eos_config: check for session support when asked to 'diff_against:\n session'\n - eos_eapi: fix idempotency issues when vrf was unspecified.\n - fix bugs for ce - more info see\n - fix incorrect uses of to_native that should be to_text instead.\n - hcloud_volume - Fix idempotency when attaching a server to a volume.\n - ibm_storage - Added a check for null fields in ibm_storage utils\n module.\n - include_tasks - whitelist ``listen`` as a valid keyword\n - k8s - resource updates applied with force work correctly now\n - keep results subset also when not no_log.\n - meraki_switchport - improve reliability with native VLAN functionality.\n - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and\n clearing functionality\n - netapp_e_volumes - fix workload profileId indexing when no previous\n workload tags exist on the storage array.\n - nxos_acl some platforms/versions raise when no ACLs are present\n - nxos_facts fix <<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/57009\">https://github.com/ansible/ansible/pull/57009</a>>\n - nxos_file_copy fix passwordless workflow\n - nxos_interface Fix admin_state check for n6k\n - nxos_snmp_traps fix group all for N35 platforms\n - nxos_snmp_user fix platform fixes for get_snmp_user\n - nxos_vlan mode idempotence bug\n - nxos_vlan vlan names containing regex ctl chars should be escaped\n - nxos_vtp_* modules fix n6k issues\n - openssl_certificate - fix private key passphrase handling for\n ``cryptography`` backend.\n - openssl_pkcs12 
- fixes crash when private key has a passphrase and the\n module is run a second time.\n - os_stack - Apply tags conditionally so that the module does not throw\n up an error when using an older distro of openstacksdk\n - pass correct loading context to persistent connections other than local\n - pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux\n - postgresql - added initial SSL related tests\n - postgresql - added missing_required_libs, removed excess param mapping\n - postgresql - move connect_to_db and get_pg_version into\n module_utils/postgres.py\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/55514\">https://github.com/ansible/ansible/pull/55514</a>)\n - postgresql_db - add note to the documentation about state dump and the\n incorrect rc (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/57297\">https://github.com/ansible/ansible/pull/57297</a>)\n - postgresql_db - fix for postgresql_db fails if stderr contains output\n - postgresql_ping - fixed a typo in the module documentation\n - preserve actual ssh error when we cannot connect.\n - route53_facts - the module did not advertise check mode support,\n causing it not to be run in check mode.\n - sysctl: the module now also checks the output of STDERR to report if\n values are correctly set\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/55695\">https://github.com/ansible/ansible/pull/55695</a>)\n - ufw - correctly check status when logging is off\n - uri - always return a value for status even during failure\n - urls - Handle redirects properly for IPv6 address by not splitting on\n ``:`` and rely on already parsed hostname and port values\n - vmware_vm_facts - fix the support with regular ESXi\n - vyos_interface fix <<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/57169\">https://github.com/ansible/ansible/pull/57169</a>>\n - we don't really need to template vars on definition as we do this on\n demand in 
templating.\n - win_acl - Fix qualifier parser when using UNC paths -\n - win_hostname - Fix non netbios compliant name handling\n - winrm - Fix issue when attempting to parse CLIXML on send input failure\n - xenserver_guest - fixed an issue where VM would be powered off even\n though check mode is used if reconfiguration requires VM to be powered\n off.\n - xenserver_guest - proper error message is shown when maximum number of\n network interfaces is reached and multiple network interfaces are\n added at\n once.\n - yum - Fix false error message about autoremove not being supported\n - yum - fix failure when using ``update_cache`` standalone\n - yum - handle special "_none_" value for proxy in yum.conf and .repo\n files\n\n Update to version 2.8.0\n\n Major changes:\n\n * Experimental support for Ansible Collections and content namespacing -\n Ansible content can now be packaged in a collection and addressed via\n namespaces. This allows for easier sharing, distribution, and\n installation\n of bundled modules/roles/plugins, and consistent rules for accessing\n specific content via namespaces.\n * Python interpreter discovery - The first time a Python module runs on\n a target, Ansible will attempt to discover the proper default Python\n interpreter to use for the target platform/version (instead of\n immediately defaulting to /usr/bin/python). You can override this\n behavior by setting ansible_python_interpreter or via config. 
(see\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/50163\">https://github.com/ansible/ansible/pull/50163</a>)\n * become - The deprecated CLI arguments for --sudo, --sudo-user,\n --ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed,\n in favor of the more generic --become, --become-user,\n --become-method, and\n --ask-become-pass.\n * become - become functionality has been migrated to a plugin\n architecture, to allow customization of become functionality and 3rd\n party become methods (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/50991\">https://github.com/ansible/ansible/pull/50991</a>)\n\n - addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837\n\n For the full changelog see /usr/share/doc/packages/ansible/changelogs or\n online:\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst\">https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst</a>\n\n", "edition": 1, "modified": "2019-06-27T12:29:04", "published": "2019-06-27T12:29:04", "id": "OPENSUSE-SU-2019:1635-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00079.html", "title": "Security update for ansible (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-14T10:32:06", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16859", "CVE-2018-16876", "CVE-2019-3828", "CVE-2018-16837"], "description": "This update for ansible fixes the following issues:\n\n Ansible was updated to version 2.8.1:\n\n Full changelog is at /usr/share/doc/packages/ansible/changelogs/\n\n - Bugfixes\n\n - ACI - DO not encode query_string\n - ACI modules - Fix non-signature authentication\n - Add missing directory provided via ``--playbook-dir`` to adjacent\n collection loading\n - Fix "Interface not found" errors when using eos_l2_interface with\n nonexistent interfaces configured\n - Fix cannot 
get credential when `source_auth` set to `credential_file`.\n - Fix netconf_config backup string issue\n - Fix privilege escalation support for the docker connection plugin when\n credentials need to be supplied (e.g. sudo with password).\n - Fix vyos cli prompt inspection\n - Fixed loading namespaced documentation fragments from collections.\n - Fixing bug came up after running cnos_vrf module against coverity.\n - Properly handle data importer failures on PVC creation, instead of\n timing out.\n - To fix the ios static route TC failure in CI\n - To fix the nios member module params\n - To fix the nios_zone module idempotency failure\n - add terminal initial prompt for initial connection\n - allow include_role to work with ansible command\n - allow python_requirements_facts to report on dependencies containing\n dashes\n - asa_config fix\n - azure_rm_roledefinition - fix a small error in build scope.\n - azure_rm_virtualnetworkpeering - fix cross subscriptions virtual\n network peering.\n - cgroup_perf_recap - When not using file_per_task, make sure we don't\n prematurely close the perf files\n - display underlying error when reporting an invalid ``tasks:`` block.\n - dnf - fix wildcard matching for state: absent\n - docker connection plugin - accept version ``dev`` as 'newest version'\n and print warning.\n - docker_container - ``oom_killer`` and ``oom_score_adj`` options are\n available since docker-py 1.8.0, not 2.0.0 as assumed by the version\n check.\n - docker_container - fix network creation when\n ``networks_cli_compatible`` is enabled.\n - docker_container - use docker API's ``restart`` instead of\n ``stop``/``start`` to restart a container.\n - docker_image - if ``build`` was not specified, the wrong default for\n ``build.rm`` is used.\n - docker_image - if ``nocache`` set to ``yes`` but not\n ``build.nocache``, the module failed.\n - docker_image - module failed when ``source: build`` was set but\n ``build.path`` options not specified.\n - 
docker_network module - fix idempotency when using ``aux_addresses``\n in ``ipam_config``.\n - ec2_instance - make Name tag idempotent\n - eos: don't fail modules without become set, instead show message and\n continue\n - eos_config: check for session support when asked to 'diff_against:\n session'\n - eos_eapi: fix idempotency issues when vrf was unspecified.\n - fix bugs for ce - more info see\n - fix incorrect uses of to_native that should be to_text instead.\n - hcloud_volume - Fix idempotency when attaching a server to a volume.\n - ibm_storage - Added a check for null fields in ibm_storage utils\n module.\n - include_tasks - whitelist ``listen`` as a valid keyword\n - k8s - resource updates applied with force work correctly now\n - keep results subset also when not no_log.\n - meraki_switchport - improve reliability with native VLAN functionality.\n - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and\n clearing functionality\n - netapp_e_volumes - fix workload profileId indexing when no previous\n workload tags exist on the storage array.\n - nxos_acl some platforms/versions raise when no ACLs are present\n - nxos_facts fix <<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/57009\">https://github.com/ansible/ansible/pull/57009</a>>\n - nxos_file_copy fix passwordless workflow\n - nxos_interface Fix admin_state check for n6k\n - nxos_snmp_traps fix group all for N35 platforms\n - nxos_snmp_user fix platform fixes for get_snmp_user\n - nxos_vlan mode idempotence bug\n - nxos_vlan vlan names containing regex ctl chars should be escaped\n - nxos_vtp_* modules fix n6k issues\n - openssl_certificate - fix private key passphrase handling for\n ``cryptography`` backend.\n - openssl_pkcs12 - fixes crash when private key has a passphrase and the\n module is run a second time.\n - os_stack - Apply tags conditionally so that the module does not throw\n up an error when using an older distro of openstacksdk\n - pass correct loading 
context to persistent connections other than local\n - pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux\n - postgresql - added initial SSL related tests\n - postgresql - added missing_required_libs, removed excess param mapping\n - postgresql - move connect_to_db and get_pg_version into\n module_utils/postgres.py\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/55514\">https://github.com/ansible/ansible/pull/55514</a>)\n - postgresql_db - add note to the documentation about state dump and the\n incorrect rc (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/57297\">https://github.com/ansible/ansible/pull/57297</a>)\n - postgresql_db - fix for postgresql_db fails if stderr contains output\n - postgresql_ping - fixed a typo in the module documentation\n - preserve actual ssh error when we cannot connect.\n - route53_facts - the module did not advertise check mode support,\n causing it not to be run in check mode.\n - sysctl: the module now also checks the output of STDERR to report if\n values are correctly set\n (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/55695\">https://github.com/ansible/ansible/pull/55695</a>)\n - ufw - correctly check status when logging is off\n - uri - always return a value for status even during failure\n - urls - Handle redirects properly for IPv6 address by not splitting on\n ``:`` and rely on already parsed hostname and port values\n - vmware_vm_facts - fix the support with regular ESXi\n - vyos_interface fix <<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/57169\">https://github.com/ansible/ansible/pull/57169</a>>\n - we don't really need to template vars on definition as we do this on\n demand in templating.\n - win_acl - Fix qualifier parser when using UNC paths -\n - win_hostname - Fix non netbios compliant name handling\n - winrm - Fix issue when attempting to parse CLIXML on send input failure\n - xenserver_guest - fixed an issue 
where VM would be powered off even\n though check mode is used if reconfiguration requires VM to be powered\n off.\n - xenserver_guest - proper error message is shown when maximum number of\n network interfaces is reached and multiple network interfaces are\n added at\n once.\n - yum - Fix false error message about autoremove not being supported\n - yum - fix failure when using ``update_cache`` standalone\n - yum - handle special "_none_" value for proxy in yum.conf and .repo\n files\n\n Update to version 2.8.0\n\n Major changes:\n\n * Experimental support for Ansible Collections and content namespacing -\n Ansible content can now be packaged in a collection and addressed via\n namespaces. This allows for easier sharing, distribution, and\n installation\n of bundled modules/roles/plugins, and consistent rules for accessing\n specific content via namespaces.\n * Python interpreter discovery - The first time a Python module runs on\n a target, Ansible will attempt to discover the proper default Python\n interpreter to use for the target platform/version (instead of\n immediately defaulting to /usr/bin/python). You can override this\n behavior by setting ansible_python_interpreter or via config. 
(see\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/50163\">https://github.com/ansible/ansible/pull/50163</a>)\n * become - The deprecated CLI arguments for --sudo, --sudo-user,\n --ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed,\n in favor of the more generic --become, --become-user,\n --become-method, and\n --ask-become-pass.\n * become - become functionality has been migrated to a plugin\n architecture, to allow customization of become functionality and 3rd\n party become methods (<a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/pull/50991\">https://github.com/ansible/ansible/pull/50991</a>)\n\n - addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837\n\n For the full changelog see /usr/share/doc/packages/ansible/changelogs or\n online:\n <a rel=\"nofollow\" href=\"https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst\">https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst</a>\n\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n", "edition": 1, "modified": "2019-08-14T09:16:38", "published": "2019-08-14T09:16:38", "id": "OPENSUSE-SU-2019:1858-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html", "title": "Security update for ansible (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2021-01-09T00:27:13", "bulletinFamily": "software", "cvelist": ["CVE-2018-10855"], "description": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. 
When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.", "edition": 4, "modified": "2021-01-08T21:10:47", "published": "2018-10-10T17:23:20", "id": "GHSA-JWCC-J78W-J73W", "href": "https://github.com/advisories/GHSA-jwcc-j78w-j73w", "title": "High severity vulnerability that affects ansible", "type": "github", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-23T12:21:05", "bulletinFamily": "software", "cvelist": ["CVE-2019-3828"], "description": "Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.", "edition": 3, "modified": "2019-07-03T21:02:07", "published": "2019-04-15T16:19:19", "id": "GHSA-74VQ-H4Q8-X6JV", "href": "https://github.com/advisories/GHSA-74vq-h4q8-x6jv", "title": "Critical severity vulnerability that affects ansible", "type": "github", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}]}