ansible (2.0.0.2-2ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: Fix vulnerability where a local user could use symlinks
to write arbitrary files or gain privileges.
- debian/patches/CVE-2016-3096.patch: Do not use a predictable filenames
in the LXC plugin.
- CVE-2016-3096
* SECURITY UPDATE: Avoid unicode strings injection.
- debian/patches/CVE-2017-7481.patch: Fixing security issue with lookup
returns not tainting the jinja2 environment.
- CVE-2017-7481
* SECURITY UPDATE: Fix a flaw in ansible.cfg where an attacker could point
to a plugin or a module path under control and execute arbitrary code.
- debian/patches/CVE-2018-10875.patch: Ignore ansible.cfg in world
writable cwd.
- CVE-2018-10875
* SECURITY UPDATE: Avoid information disclosure in log and command line.
- debian/patches/CVE-2018-16837.patch: user: Don't pass ssh_key_passphrase
on command line.
- CVE-2018-16837
Date: 2019-07-16 15:11:13.706260+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmor...@canonical.com>
https://launchpad.net/ubuntu/+source/ansible/2.0.0.2-2ubuntu1.2
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
