Overview Repositories Revisions Requests Users Attributes Meta
Security update for ansible

This update for ansible to version 2.4.1.0 fixes the following vulnerabilities:

- CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment (bsc#1038785)
- CVE-2016-9587: host to controller command execution vulnerability (bsc#1019021)
- CVE-2016-8628: Command injection by compromised server via fact variables (bsc#1008037)
- CVE-2016-8614: Improper verification of key fingerprints in apt_key module (bsc#1008038)
- CVE-2017-7550: jenkins_plugin module may have exposed passwords in remote host logs (bsc#1065872)

This update also contains a number of upstream bug fixes and improvements.

Fixed bugs
bnc#1038785
VUL-0: CVE-2017-7481: ansible: Security issue with lookup return not tainting the jinja2 environment
bnc#1019021
VUL-0: CVE-2016-9587: ansible: host to controller command execution vulnerability
bnc#1008037
VUL-0: CVE-2016-8628: ansible: Command injection by compromised server via fact variables
bnc#1008038
VUL-0: CVE-2016-8614: ansible: Improper verification of key fingerprints in apt_key module
bnc#1065872
VUL-0: CVE-2017-7550 ansible: jenkins_plugin module exposes passwords in remote host logs
CVE-2017-7481
CVE-2016-9587
CVE-2016-8628
CVE-2016-8614
CVE-2017-7550
Selected Binaries
openSUSE Build Service is sponsored by
Places