Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in ansible
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in ansible
ID: SUSE-SU-2021:2121-1
Distribution: SUSE
Plattformen: SUSE OpenStack Cloud Crowbar 8, SUSE HPE Helion Openstack 8, SUSE OpenStack Cloud 8
Datum: Di, 22. Juni 2021, 22:55
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228
Applikationen: Ansible

Originalnachricht


SUSE Security Update: Security update for ansible
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2121-1
Rating: moderate
References: #1180816 #1180942 #1181119 #1181935 #1183684

Cross-References: CVE-2021-20178 CVE-2021-20180 CVE-2021-20191
CVE-2021-20228 CVE-2021-3447
CVSS scores:
CVE-2021-20178 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-20178 (SUSE): 5
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2021-20180 (SUSE): 5
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2021-20191 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-20191 (SUSE): 5
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2021-20228 (NVD) : 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-20228 (SUSE): 5
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2021-3447 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-3447 (SUSE): 5
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for ansible fixes the following issues:

- Update to 2.9.22:
- CVE-2021-3447: multiple modules expose secured values (bsc#1183684)
- CVE-2021-20228: basic.py no_log with fallback option (bsc#1181935)
- CVE-2021-20191: multiple collections exposes secured values (bsc#1181119)
- CVE-2021-20180: bitbucket_pipeline_variable exposes sensitive values
(bsc#1180942)
- CVE-2021-20178: user data leak in snmp_facts module (bsc#1180816)


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:

zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2121=1

- SUSE OpenStack Cloud 8:

zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2121=1

- HPE Helion Openstack 8:

zypper in -t patch HPE-Helion-OpenStack-8-2021-2121=1



Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):

ansible-2.9.22-3.18.1

- SUSE OpenStack Cloud 8 (x86_64):

ansible-2.9.22-3.18.1

- HPE Helion Openstack 8 (x86_64):

ansible-2.9.22-3.18.1


References:

https://www.suse.com/security/cve/CVE-2021-20178.html
https://www.suse.com/security/cve/CVE-2021-20180.html
https://www.suse.com/security/cve/CVE-2021-20191.html
https://www.suse.com/security/cve/CVE-2021-20228.html
https://www.suse.com/security/cve/CVE-2021-3447.html
https://bugzilla.suse.com/1180816
https://bugzilla.suse.com/1180942
https://bugzilla.suse.com/1181119
https://bugzilla.suse.com/1181935
https://bugzilla.suse.com/1183684
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung