[ubuntu/xenial-updates] ansible 2.0.0.2-2ubuntu1.3 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Jul 22 19:28:09 UTC 2019


ansible (2.0.0.2-2ubuntu1.3) xenial-security; urgency=medium

  * SECURITY REGRESSION: Fix indentation, missing dependencies, and calls.
    - debian/patches/CVE-2018-10875.patch: Fix indentation and dependency.
    - debian/patches/CVE-2018-16837.patch: Fix dependency.
    - debian/patches/CVE-2017-7481.patch: Fix function call.
    - CVE-2017-7481
    - CVE-2018-10875
    - CVE-2018-16837

ansible (2.0.0.2-2ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix vulnerability where a local user could use symlinks
    to write arbitrary files or gain privileges.
    - debian/patches/CVE-2016-3096.patch: Do not use predictable filenames
      in the LXC plugin.
    - CVE-2016-3096
  * SECURITY UPDATE: Avoid unicode strings injection.
    - debian/patches/CVE-2017-7481.patch: Fixing security issue with lookup
      returns not tainting the jinja2 environment.
    - CVE-2017-7481
  * SECURITY UPDATE: Fix a flaw in ansible.cfg where an attacker could point
    to a plugin or a module path under control and execute arbitrary code.
    - debian/patches/CVE-2018-10875.patch: Ignore ansible.cfg in world
      writable cwd.
    - CVE-2018-10875
  * SECURITY UPDATE: Avoid information disclosure in log and command line.
    - debian/patches/CVE-2018-16837.patch: user: Don't pass ssh_key_passphrase
      on command line.
    - CVE-2018-16837

Date: 2019-07-18 20:46:13.140447+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/ansible/2.0.0.2-2ubuntu1.3