Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for ansible

This update for ansible to version 2.7.8 fixes the following issues:

Security issues fixed:

- CVE-2018-16837: Fixed an information leak in user module (bsc#1112959).
- CVE-2018-16859: Fixed an issue which clould allow logging of password in plaintext in Windows powerShell (bsc#1116587).
- CVE-2019-3828: Fixed a path traversal vulnerability in fetch module (bsc#1126503).
- CVE-2018-10875: Fixed a potential code execution in ansible.cfg (bsc#1099808).
- CVE-2018-16876: Fixed an issue which could allow information disclosure in vvv+ mode with no_log on (bsc#1118896).

Other issues addressed:

- prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957)

Release notes: https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#id1

Fixed bugs
bnc#1112959
VUL-0: CVE-2018-16837: ansible: Information leak in "user" module
bnc#1116587
VUL-1: CVE-2018-16859: ansible: become password logged in plaintext when used with PowerShell on Windows
bnc#1126503
VUL-1: CVE-2019-3828: ansible: path traversal in the fetch module
bnc#1099808
VUL-0: CVE-2018-10875: ansible: ansible.cfg is being read from current working directory allowing possible code execution
bnc#1118896
VUL-1: CVE-2018-16876: ansible: Information disclosure in vvv+ mode with no_log on
bnc#1102126
Ansible zypper module fails
bnc#1109957
ansible firewalld module fails
CVE-2018-16859
CVE-2018-16837
CVE-2019-3828
CVE-2018-16876
CVE-2018-10875
Selected Binaries
openSUSE Build Service is sponsored by
Places