Overview
Request 721883 revoked
- (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing
CVE-2019-10206: ansible-playbook -k and ansible cli tools
prompt passwords by expanding them from templates as they could
contain special characters. Passwords should be wrapped to
prevent templates from triggering and exposing them.
- (bsc#1144453) Adds CVE-2019-10217-gcp-modules-sensitive-fields.patch
CVE-2019-10217: Fields managing sensitive data should be set as
such by no_log feature. Some of these fields in GCP modules are
not set properly. service_account_contents(), which is a common
class for all gcp modules, is not setting no_log to True. Any
sensitive data managed by that function would be leaked as
output when running ansible playbooks.
- (bsc#1137528) Adds CVE-2019-10156-unexpected-key-set.patch
fixing CVE-2019-10156: [ansible_password] in the
~/.ssh/authorized_keys file is replaced by administrator's
password on remote node by templating.
- Created by mcepl
- In state revoked
- Supersedes 721841
- Open review for systemsmanagement / ansible
home:mcepl:branches:openSUSE:Leap:42.3:Update/ansible.openSUSE_Leap_42.3_Update@fc30bf1aeccbc95c5cb99904a0599a13 -> openSUSE:Leap:42.3:Update/ansible
expected origin is 'openSUSE:Leap:42.2' (changed)
Request History
mcepl created request
maintbot added as a reviewer
Submission for ansible by someone who is not maintainer in the devel project (systemsmanagement). Please review
maintbot accepted review
ok
licensedigger accepted review
ok
factory-auto accepted review
Check script succeeded
msmeissn declined request
42.3 is eol
mcepl revoked request
home:mcepl:branches:openSUSE:Leap:42.3:Update/ansible.openSUSE_Leap_42.3_Update@c192c33af4bb713fe6debf157205ff90 -> openSUSE:Leap:42.3:Update/ansible
expected origin is 'openSUSE:Leap:42.2' (changed)