Lucene search

K
suseSuseOPENSUSE-SU-2019:1125-1
HistoryApr 03, 2019 - 12:00 a.m.

Security update for ansible (moderate)

2019-04-0300:00:00
lists.opensuse.org
156

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

62.7%

An update that solves 5 vulnerabilities and has two fixes
is now available.

Description:

This update for ansible to version 2.7.8 fixes the following issues:

Security issues fixed:

  • CVE-2018-16837: Fixed an information leak in user module (bsc#1112959).
  • CVE-2018-16859: Fixed an issue which clould allow logging of password in
    plaintext in Windows powerShell (bsc#1116587).
  • CVE-2019-3828: Fixed a path traversal vulnerability in fetch module
    (bsc#1126503).
  • CVE-2018-10875: Fixed a potential code execution in ansible.cfg
    (bsc#1099808).
  • CVE-2018-16876: Fixed an issue which could allow information disclosure
    in vvv+ mode with no_log on (bsc#1118896).

Other issues addressed:

  • prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957)

Release notes:
https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.
7.rst#id1

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • SUSE Package Hub for SUSE Linux Enterprise 12:

    zypper in -t patch openSUSE-2019-1125=1

OSVersionArchitecturePackageVersionFilename
SUSE Package Hub for SUSE Linux Enterprise12noarch< - SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):.noarch.rpm

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

62.7%

Related for OPENSUSE-SU-2019:1125-1