CVE-2018-16837

Debian Bug report logs - #912297 ansible: CVE-2018-16837 Package: ansible; Maintainer for ansible is Harlan Lieberman-Berg <hlieberman@debianorg>; Source for ansible is src:ansible (PTS, buildd, popcon) Reported by: Chris Lamb <lamby@debianorg> Date: Mon, 29 Oct 2018 21:54:02 UTC Severity: grave Tags: security Fo ...

Several security issues were fixed in Ansible ...

Synopsis Moderate: [ansible] security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 27Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base sco ...

Synopsis Moderate: [ansible] security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 26Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gi ...

Synopsis Moderate: [ansible] security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 2Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...

Synopsis Moderate: [ansible] security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 25Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gi ...

Synopsis Critical: Red Hat Ansible Tower 331-2 Release - Container Image Type/Severity Security Advisory: Critical Topic Security Advisory Description Red Hat Ansible Tower 331 is now available and contains the following bug fixes: Fixed event callback error when in-line vaulted variabl ...

Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak CVE-2018-10875 ansiblecfg was read from the current working directory CVE-2018-16837 The user module leaked param ...

The User module in Ansible leaks any data which is passed on as a parameter to ssh-keygen This could lead to undesirable situations such as passphrase credentials being passed as a parameter for the ssh-keygen executable, showing those credentials in clear text form for every user which have access just to the process list ...