Multiple issues in Ansible
ID: | USN-4072-1 |
Distribution: | Ubuntu |
Platforms: | Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 19.04 |
Date: | Thu, 25 July 2019, 07:34 |
References: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10874 |
Applications: | Ansible |
Original message
==========================================================================
Ubuntu Security Notice USN-4072-1
July 24, 2019

ansible vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Ansible.

Software Description:
- ansible: Configuration management, deployment, and task execution system

Details:

It was discovered that Ansible failed to properly handle sensitive
information. A local attacker could use those vulnerabilities to extract
it. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876)
(CVE-2019-10156)

It was discovered that Ansible could load configuration files from the
current working directory containing crafted commands. An attacker could
run arbitrary code as a result. (CVE-2018-10874) (CVE-2018-10875)

It was discovered that the Ansible fetch module had a path traversal
vulnerability. A local attacker could copy and overwrite files outside of
the specified destination. (CVE-2019-3828)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  ansible 2.7.8+dfsg-1ubuntu0.19.04.1

Ubuntu 18.04 LTS:
  ansible 2.5.1+dfsg-1ubuntu0.1

Ubuntu 16.04 LTS:
  ansible 2.0.0.2-2ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4072-1
  CVE-2017-7481, CVE-2018-10855, CVE-2018-10874, CVE-2018-10875,
  CVE-2018-16837, CVE-2018-16876, CVE-2019-10156, CVE-2019-3828

Package Information:
  https://launchpad.net/ubuntu/+source/ansible/2.7.8+dfsg-1ubuntu0.19.04.1
  https://launchpad.net/ubuntu/+source/ansible/2.5.1+dfsg-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/ansible/2.0.0.2-2ubuntu1.3
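
One way to check a host against the fixed versions listed under "Update instructions", as an added example that is not part of the Ubuntu notice. The release-to-version table is copied from the notice; the function names and the `--check` argument are assumptions made here, and only Ansible installed from the Ubuntu package is covered (a pip install is not seen by dpkg).

```bash
#!/bin/sh
# Added example: compare the installed ansible package with USN-4072-1.

# Fixed package version per Ubuntu release, copied from the notice.
fixed_version_for() {
    case "$1" in
        19.04) echo "2.7.8+dfsg-1ubuntu0.19.04.1" ;;
        18.04) echo "2.5.1+dfsg-1ubuntu0.1" ;;
        16.04) echo "2.0.0.2-2ubuntu1.3" ;;
        *)     return 1 ;;   # release not covered by this notice
    esac
}

# usn_status RELEASE INSTALLED_VERSION
# Prints: patched | vulnerable | not-covered
usn_status() {
    local fixed
    fixed=$(fixed_version_for "$1") || { echo "not-covered"; return 0; }
    # dpkg applies Debian version ordering ("+dfsg", "ubuntu" suffixes),
    # which a plain string or numeric comparison gets wrong.
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Inspect the running host: release from os-release, version from dpkg.
check_host() {
    local release info installed
    release=$(. /etc/os-release && echo "$VERSION_ID")
    info=$(dpkg-query -W -f='${Status}|${Version}' ansible 2>/dev/null) || info=""
    case "$info" in
        "install ok installed|"*) installed=${info#*|} ;;
        *) echo "ansible is not installed from the Ubuntu package"; return 0 ;;
    esac
    echo "ansible $installed on Ubuntu $release: $(usn_status "$release" "$installed")"
}

# Run the host check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then check_host; fi
```
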