SUSE-SU-2017:3029-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20173029-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:3029-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:3029-1
Related
Published
2017-11-17T12:26:42Z
Modified
2017-11-17T12:26:42Z
Summary
Security update for ansible and monasca-installer
Details

This update for ansible provides version 2.2.3.0 and fixes the following security issues:

  • CVE-2017-7481: Data for lookup plugins used as variables was not being marked as 'unsafe' and could lead to unintentional disclosure of information. (bsc#1038785)
  • CVE-2016-9587: Prevent compromised host to execute commands on the controller (bsc#1019021).
  • CVE-2017-7466: Prevent arbitrary code execution on control nodes.

For more information about the upstream bugs fixed, please see /usr/share/doc/packages/ansible/CHANGELOG.md

Additionally, monasca-installer received several compatibility fixes for ansible.

References

Affected packages

SUSE:OpenStack Cloud 7 / ansible

Package

Name
ansible
Purl
purl:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.3.0-5.1

Ecosystem specific

{
    "binaries": [
        {
            "monasca-installer": "20170912_10.45-5.1",
            "ansible": "2.2.3.0-5.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / monasca-installer

Package

Name
monasca-installer
Purl
purl:rpm/suse/monasca-installer&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20170912_10.45-5.1

Ecosystem specific

{
    "binaries": [
        {
            "monasca-installer": "20170912_10.45-5.1",
            "ansible": "2.2.3.0-5.1"
        }
    ]
}