[ubuntu/xenial-updates] ansible 2.0.0.2-2ubuntu1.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Jul 17 19:03:56 UTC 2019


ansible (2.0.0.2-2ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix vulnerability where a local user could use symlinks
    to write arbitrary files or gain privileges.
    - debian/patches/CVE-2016-3096.patch: Do not use predictable filenames
      in the LXC plugin.
    - CVE-2016-3096
  * SECURITY UPDATE: Avoid unicode strings injection.
    - debian/patches/CVE-2017-7481.patch: Fixing security issue with lookup
      returns not tainting the jinja2 environment.
    - CVE-2017-7481
  * SECURITY UPDATE: Fix a flaw in ansible.cfg where an attacker could point
    to a plugin or a module path under control and execute arbitrary code.
    - debian/patches/CVE-2018-10875.patch: Ignore ansible.cfg in world
      writable cwd.
    - CVE-2018-10875
  * SECURITY UPDATE: Avoid information disclosure in log and command line.
    - debian/patches/CVE-2018-16837.patch: user: Don't pass ssh_key_passphrase
      on command line.
    - CVE-2018-16837

Date: 2019-07-16 15:11:13.706260+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/ansible/2.0.0.2-2ubuntu1.2