An update that solves 5 vulnerabilities and has two fixes is now available.
This update for ansible to version 2.7.8 fixes the following issues:
Security issues fixed:
- CVE-2018-16837: Fixed an information leak in user module (bsc#1112959). - CVE-2018-16859: Fixed an issue which clould allow logging of password in plaintext in Windows powerShell (bsc#1116587). - CVE-2019-3828: Fixed a path traversal vulnerability in fetch module (bsc#1126503). - CVE-2018-10875: Fixed a potential code execution in ansible.cfg (bsc#1099808). - CVE-2018-16876: Fixed an issue which could allow information disclosure in vvv+ mode with no_log on (bsc#1118896).
Other issues addressed:
- prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957)