Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working directory. CVE-2018-16837 The user module leaked parameters passed to ssh-keygen to the process environment. CVE-2019-3828 The fetch module was susceptible to path traversal. For the stable distribution (stretch), these problems have been fixed in version 2.2.1.0-2+deb9u1. We recommend that you upgrade your ansible packages. For the detailed security status of ansible please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ansible
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system:
The no_log task flag wasn't honored, resulting in an information leak.
ansible.cfg was read from the current working directory.
The user module leaked parameters passed to ssh-keygen to the process environment.
The fetch module was susceptible to path traversal.
For the stable distribution (stretch), these problems have been fixed in version 2.2.1.0-2+deb9u1.
We recommend that you upgrade your ansible packages.
For the detailed security status of ansible please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ansible