Overview

File _patchinfo of Package patchinfo.7445

<patchinfo incident="7445">
  <issue tracker="bnc" id="1038785" />
  <issue tracker="bnc" id="1019021" />
  <issue tracker="bnc" id="1008037" />
  <issue tracker="bnc" id="1008038" />
  <issue tracker="bnc" id="1065872" />
  <issue tracker="cve" id="2017-7481" />
  <issue tracker="cve" id="2016-9587" />
  <issue tracker="cve" id="2016-8628" />
  <issue tracker="cve" id="2016-8614" />
  <issue tracker="cve" id="2017-7550" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <summary>Security update for ansible</summary>
  <description>This update for ansible to version 2.4.1.0 fixes the following vulnerabilities:
    
- CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment (bsc#1038785)
- CVE-2016-9587: host to controller command execution vulnerability (bsc#1019021)
- CVE-2016-8628: Command injection by compromised server via fact variables (bsc#1008037)
- CVE-2016-8614: Improper verification of key fingerprints in apt_key module (bsc#1008038)
- CVE-2017-7550: jenkins_plugin module may have exposed passwords in remote host logs (bsc#1065872)

This update also contains a number of upstream bug fixes and improvements.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places