-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ansible security and bug fix update Advisory ID: RHSA-2019:0431-01 Product: Red Hat Ansible Engine Advisory URL: https://access.redhat.com/errata/RHSA-2019:0431 Issue date: 2019-02-28 CVE Names: CVE-2019-3828 ==================================================================== 1. Summary: An update for ansible is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Ansible Engine 2.7 for RHEL 7 Server - noarch 3. Description: Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.7.8) Security fix(es): * ansible: path traversal in the fetch module (CVE-2019-3828) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): See https://github.com/ansible/ansible/blob/v2.7.8/changelogs/CHANGELOG-v2.7.rs t for details on bug fixes in this release. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1676689 - CVE-2019-3828 Ansible: path traversal in the fetch module 6. Package List: Red Hat Ansible Engine 2.7 for RHEL 7 Server: Source: ansible-2.7.8-1.el7ae.src.rpm noarch: ansible-2.7.8-1.el7ae.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-3828 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXHeZwdzjgjWX9erEAQhwcw//SXRG0ocIHli07st6ug1qq4ly2vDL7yXM 5RP/rBp8Z66+5I4q15R1oCBY/+dxR62EvoWXiq3trB5E4cnbHNrBwe8Y4wznTCga XLEZGok5OHm7vmehHKK1rMromxxhjK2l2JjmrSxlFFkpx0NXLmfZPGpsTZoUwO2N o0VfqbgfbI4Yk92G2GJRBiAJKojTMaKJegCfT0jlxIJLIPQCKN3t9oahV8BS6DpT 8dt28fP90Zh2EuuBrt4vzsT3B8chau5+W36RNld8aT53i0lm+G1q3x8IWJXmps4F VHntLMjhDmdeYwS9m84i9xKXWR0Ohhp3lDY5E25P7q2MPWIEfYXbzNmH4yMNUKFa SxpymaYasDsC/q30PGUBPs6Uci+19QANuB5fEBn+1hNTtzMcmS2qv7e148e71QZQ TOjyZtra2KSXMOtyubUt4kLxxcfGPtMq1FoXI+3zpUnvvxKv2vX5oxfFkFFKlNmA 0ufRSVJYM7JLOzyfKA6jF18sFmLFhy7ZZdaYaO1AtNdc2ws+q0ImKgRR0hYRYVWz Z8p6bTZUnu2lyK89c6X8Qd8sPaR0GdhQNC67dHWuI7maSJUIRMio3SWwd4TOVFDH WusB1vWaCcVxYc+D0dTSL1jYZ8pcLfZZaNo4EVuiZaoVt9aXrmgnVs/O0fUW9N8d zn2p8dfe4Q4=j8oE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce