openSUSE-SU-2017:2976-1

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:2976-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/openSUSE-SU-2017:2976-1

Upstream

CVE-2016-8614

CVE-2016-8628

CVE-2016-9587

CVE-2017-7481

CVE-2017-7550

Related

Published

2017-11-10T13:03:17Z

Modified

2025-05-08T17:44:50.045167Z

Summary

Security update for ansible

Details

This update for ansible to version 2.4.1.0 fixes the following vulnerabilities:

CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment (bsc#1038785)
CVE-2016-9587: host to controller command execution vulnerability (bsc#1019021)
CVE-2016-8628: Command injection by compromised server via fact variables (bsc#1008037)
CVE-2016-8614: Improper verification of key fingerprints in apt_key module (bsc#1008038)
CVE-2017-7550: jenkins_plugin module may have exposed passwords in remote host logs (bsc#1065872)

This update also contains a number of upstream bug fixes and improvements.

References

Affected packages

SUSE:Package Hub 12 / ansible

Package

Name: ansible
Purl: pkg:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.1.0-6.1

Ecosystem specific

{
    "binaries": [
        {
            "ansible": "2.4.1.0-6.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:2976-1.json"