Mailinglist Archive: opensuse-security-announce (108 mails)

< Previous Next >
[security-announce] openSUSE-SU-2019:1125-1: moderate: Security update for ansible
openSUSE Security Update: Security update for ansible

Announcement ID: openSUSE-SU-2019:1125-1
Rating: moderate
References: #1099808 #1102126 #1109957 #1112959 #1116587
#1118896 #1126503
Cross-References: CVE-2018-10875 CVE-2018-16837 CVE-2018-16859
CVE-2018-16876 CVE-2019-3828
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that solves 5 vulnerabilities and has two fixes
is now available.


This update for ansible to version 2.7.8 fixes the following issues:

Security issues fixed:

- CVE-2018-16837: Fixed an information leak in user module (bsc#1112959).
- CVE-2018-16859: Fixed an issue which clould allow logging of password in
plaintext in Windows powerShell (bsc#1116587).
- CVE-2019-3828: Fixed a path traversal vulnerability in fetch module
- CVE-2018-10875: Fixed a potential code execution in ansible.cfg
- CVE-2018-16876: Fixed an issue which could allow information disclosure
in vvv+ mode with no_log on (bsc#1118896).

Other issues addressed:

- prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957)

Release notes:

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2019-1125=1

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages