ansible (2.0.0.2-2ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix vulnerability where a local user could use symlinks
    to write arbitrary files or gain privileges.
    - debian/patches/CVE-2016-3096.patch: Do not use a predictable filenames
      in the LXC plugin.
    - CVE-2016-3096
  * SECURITY UPDATE: Avoid unicode strings injection.
    - debian/patches/CVE-2017-7481.patch: Fixing security issue with lookup
      returns not tainting the jinja2 environment.
    - CVE-2017-7481
  * SECURITY UPDATE: Fix a flaw in ansible.cfg where an attacker could point
    to a plugin or a module path under control and execute arbitrary code.
    - debian/patches/CVE-2018-10875.patch: Ignore ansible.cfg in world
      writable cwd.
    - CVE-2018-10875
  * SECURITY UPDATE: Avoid information disclosure in log and command line.
    - debian/patches/CVE-2018-16837.patch: user: Don't pass ssh_key_passphrase
      on command line.
    - CVE-2018-16837

Date: 2019-07-16 15:11:13.706260+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmor...@canonical.com>
https://launchpad.net/ubuntu/+source/ansible/2.0.0.2-2ubuntu1.2
Sorry, changesfile not available.
-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

Reply via email to