openSUSE-SU-2017:2978-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:2978-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2017:2978-1
Published
2017-11-10T13:03:17Z
Modified
2017-11-10T13:03:17Z
Summary
Security update for ansible
Details

This update for ansible to version 2.4.1.0 fixes the following vulnerabilities:

  • CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment (bsc#1038785)
  • CVE-2016-9587: host to controller command execution vulnerability (bsc#1019021)
  • CVE-2016-8628: Command injection by compromised server via fact variables (bsc#1008037)
  • CVE-2016-8614: Improper verification of key fingerprints in apt_key module (bsc#1008038)
  • CVE-2017-7550: jenkins_plugin module may have exposed passwords in remote host logs (bsc#1065872)

This update also contains a number of upstream bug fixes and improvements.

Affected packages

SUSE:Package Hub 12 / ansible

Package

Name
ansible
Purl
purl:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.1.0-6.1

Ecosystem specific

{
    "binaries": [
        {
            "ansible": "2.4.1.0-6.1"
        }
    ]
}