Your message dated Sun, 17 Dec 2023 15:33:45 +0000
with message-id <2974149.bGWG2ck9TC@portable-bastien>
and subject line Does not concern ansible-core
has caused the Debian Bug report #1058885,
regarding ansible: CVE-2023-4237
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1058885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058885
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ansible
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for ansible.
CVE-2023-4237[0]:
| A flaw was found in the Ansible Automation Platform. When creating a
| new keypair, the ec2_key module prints out the private key directly
| to the standard output. This flaw allows an attacker to fetch those
| keys from the log files, compromising the system's confidentiality,
| integrity, and availability.
https://bugzilla.redhat.com/show_bug.cgi?id=2229979
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-4237
https://www.cve.org/CVERecord?id=CVE-2023-4237
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
According to https://deb.freexian.com/extended-lts/tracker/CVE-2023-4237 it is
in ansible package not ansible-core
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
