Debian Security Advisory 4396-1

Debian Security Advisory 4396-1: Posted Feb 20, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4396-1 - Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2018-10855, CVE-2018-10875, CVE-2018-16837, CVE-2018-16876, CVE-2019-3828; SHA-256 | 2dde31e5783af9038db0eb1aa458aab47e774751c9f88602e04c74b7ca36d972; Download | Favorite | View

Debian Security Advisory 4396-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4396-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 19, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ansible
CVE ID         : CVE-2018-10855 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876
                 CVE-2019-3828

Several vulnerabilities have been found in Ansible, a configuration
management, deployment, and task execution system:

CVE-2018-10855 / CVE-2018-16876

    The no_log task flag wasn't honored, resulting in an information leak.

CVE-2018-10875

    ansible.cfg was read from the current working directory.

CVE-2018-16837

    The user module leaked parameters passed to ssh-keygen to the process
    environment.

CVE-2019-3828

    The fetch module was susceptible to path traversal.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.1.0-2+deb9u1.

We recommend that you upgrade your ansible packages.

For the detailed security status of ansible please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ansible

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlxsexYACgkQEMKTtsN8
TjY67xAAk1Fr8XGSUj2Q+J7PjEuPemV2xcfjXx34pVxRsMvbVtqqceJ9fYI+uoOa
64Pc23rmYLq9lM2Bc4t4yjzpKmxl54PnKKTkV8q5MO2FMtv8DPVG1556/AsnyBy8
SJhyuP4xSg+4wJ91xHxAuSBE9QlCiGMA7OjGhrJRGJ7+PF7cxCNNbIBkyGQm25E0
X8Qpdsz5wt2aCDldvjOyGpUOhLQ1ra3AKeqmF5NOc40iSEi+nm7wAsTtFK5Upok7
NB6qLkHza/3wauvVe01qKsjYVAkhCy9ZaHIDdqZ8ODnJUrAWCCGIzQrPu7kkEtWm
jqnYQI2mSgP7lcJWm2QwEvPr8r1Xgj72RG/3fTCc6hMadZcIpFUXQmx4NBwUJrTp
oLSLv+2GDRTxHZTwSlRHACT+sZ5h6yADR7JSsPG2WHQ3Rl+fh9Pp0IYAMTT/OoQx
6BWGA47UlbYTBHsSlEPzxd8Ti30hHUXMdnnSbueUJ8S6F+wCTDndJkLioy+6iAPz
XIQXoWkj5tZZ6vlObj5eVW59pWUa6FKbKwmHykhsEhILDAfTt5PSnYM1uByDQvNc
Iv/2mKjKyoQXcBuKEJPaVYMirDb7Eub6RUOrjiiu/GSpVTB6CfR1sVmmM4GfKpTN
jLOL6Sz4bZ51n+IHBuQGpgiDV3aeoPXaXJKZt0I35civ9fqIj3c=R7R0
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 172 files
Ubuntu 47 files
Debian 22 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
tmrswrr 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 4396-1

Debian Security Advisory 4396-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4396-1

Share This

Debian Security Advisory 4396-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems