File _patchinfo of Package patchinfo.9897
<patchinfo incident="9897"> <issue tracker="bnc" id="1112959">VUL-0: CVE-2018-16837: ansible: Information leak in "user" module</issue> <issue tracker="bnc" id="1116587">VUL-1: CVE-2018-16859: ansible: become password logged in plaintext when used with PowerShell on Windows</issue> <issue tracker="bnc" id="1126503">VUL-1: CVE-2019-3828: ansible: path traversal in the fetch module</issue> <issue tracker="bnc" id="1099808">VUL-0: CVE-2018-10875: ansible: ansible.cfg is being read from current working directory allowing possible code execution</issue> <issue tracker="bnc" id="1118896">VUL-1: CVE-2018-16876: ansible: Information disclosure in vvv+ mode with no_log on</issue> <issue tracker="bnc" id="1102126">Ansible zypper module fails</issue> <issue tracker="bnc" id="1109957">ansible firewalld module fails</issue> <issue tracker="cve" id="2018-16859"/> <issue tracker="cve" id="2018-16837"/> <issue tracker="cve" id="2019-3828"/> <issue tracker="cve" id="2018-16876"/> <issue tracker="cve" id="2018-10875"/> <category>security</category> <rating>moderate</rating> <packager>lrupp</packager> <description>This update for ansible to version 2.7.8 fixes the following issues: Security issues fixed: - CVE-2018-16837: Fixed an information leak in user module (bsc#1112959). - CVE-2018-16859: Fixed an issue which clould allow logging of password in plaintext in Windows powerShell (bsc#1116587). - CVE-2019-3828: Fixed a path traversal vulnerability in fetch module (bsc#1126503). - CVE-2018-10875: Fixed a potential code execution in ansible.cfg (bsc#1099808). - CVE-2018-16876: Fixed an issue which could allow information disclosure in vvv+ mode with no_log on (bsc#1118896). Other issues addressed: - prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957) Release notes: https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#id1 </description> <summary>Security update for ansible</summary> </patchinfo>
