drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Ansible
Name: |
Mehrere Probleme in Ansible |
|
ID: |
USN-4072-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 19.04 |
|
Datum: |
Do, 25. Juli 2019, 07:34 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10874 |
|
Applikationen: |
Ansible |
|
Originalnachricht |
--===============0114167877591708948== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="75u6otkbx47cqmsv" Content-Disposition: inline
--75u6otkbx47cqmsv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4072-1 July 24, 2019
ansible vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Ansible.
Software Description: - ansible: Configuration management, deployment, and task execution system
Details:
It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156)
It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875)
It was discovered that Ansible fetch module had a path traversal vulnerability. A local attacker could copy and overwrite files outside of the specified destination. (CVE-2019-3828)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: ansible 2.7.8+dfsg-1ubuntu0.19.04.1
Ubuntu 18.04 LTS: ansible 2.5.1+dfsg-1ubuntu0.1
Ubuntu 16.04 LTS: ansible 2.0.0.2-2ubuntu1.3
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4072-1 CVE-2017-7481, CVE-2018-10855, CVE-2018-10874, CVE-2018-10875, CVE-2018-16837, CVE-2018-16876, CVE-2019-10156, CVE-2019-3828
Package Information: https://launchpad.net/ubuntu/+source/ansible/2.7.8+dfsg-1ubuntu0.19.04.1 https://launchpad.net/ubuntu/+source/ansible/2.5.1+dfsg-1ubuntu0.1 https://launchpad.net/ubuntu/+source/ansible/2.0.0.2-2ubuntu1.3
--75u6otkbx47cqmsv Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl0492kACgkQbUp5kL3i zGbJBw//exWpkIwIDEI7sRlJlvNFMyKCxaIwTxk1j3yyTG5weztVaJUc5jrauUVe K1p54pINNPqGOtuVz9c2ADZS7sSxYHPaqUYKd4CjFX0P+YICZNsjHFmuSI85xRJa +qQsevmaqpk1+MdA/X625uOsdTyYOjnee14gXsxWSSqoiapyI6DED47ha5yeyRLe l4RY5D1xLHnAQjyeVveTtNihKho2Dbxso+6fFuemCoQbN5+PBBlhM3zvaHnCPf+q 4CRGu4Pi9utMfl9jnwJAqszSNLRpikBeOcQiiPh/zXzrhGhAY7tMcRJEdYHkE4Bh 1D2Mp+nuk7gnYksNG7WFlzuD30Pl9EWVfhzdDyklt1xGesiZN8qO/7BjJ+AnfRW2 6QnA46k+RiBifiGsVZNR1Xl/TgZW3TFQOqQp8M/pldUeNqiCAOArqWo71ctpsNlE U8ErywjMwbLdHWkaMklWnrHbaT1ecAESJaM3+DWCYU2LMLVzBQbfczsoseuEs0pc aqFvM4SIvpmE348n22rA7PNQ/UXH6fXPQoyz5HvKyVYrO8DHaG84UN0UdqTyLee7 K9SfYkyMJqCdA43+oTFPmAdsSynjdTzpyK8RY8dFWOWNkjFBGbjk7Om7EBiky/9u fts0QqKjwpTRAAOahIM4leWBqxtL2eArnM5qQuzD/K75PsJc2XM= =9GEx -----END PGP SIGNATURE-----
--75u6otkbx47cqmsv--
--===============0114167877591708948== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|