ansible 2.5.1+dfsg-1ubuntu0.1 source package in Ubuntu


ansible (2.5.1+dfsg-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Fix a vulnerability in inventory variables where an
    attacker could run arbitrary code.
    - debian/patches/CVE-2018-10874.patch: Avoid loading vars on unspecified
      basedir (cwd).
    - CVE-2018-10874
  * SECURITY UPDATE: Fix a flaw in ansible.cfg where an attacker could point
    to a plugin or a module path under control and execute arbitrary code.
    - debian/patches/CVE-2018-10875.patch: Ignore ansible.cfg in world
      writable cwd.
    - CVE-2018-10875
  * SECURITY UPDATE: Avoid information disclosure in log and command line.
    - debian/patches/CVE-2018-10855.patch: no_log even when task_result
      doesn't provide key.
    - debian/patches/CVE-2018-16837.patch: user: Don't pass ssh_key_passphrase
      on command line.
    - debian/patches/CVE-2018-16876.patch: Ensure ssh retry respects no log.
    - CVE-2018-10855
    - CVE-2018-16837
    - CVE-2018-16876
  * SECURITY UPDATE: Fix traversal path vulnerability which allows copying
    and overwriting files outside of the specified destination in the local
    ansible controller host, by not restricting an absolute path.
    - debian/patches/CVE-2019-3828.patch: Disallow use of remote home
      directories containing ".." in their path
    - CVE-2019-3828
  * SECURITY UPDATE: Sensitive information could be exposed to remote node.
    - debian/patches/CVE-2019-10156-1.patch: Don't pass locals.
    - debian/patches/CVE-2019-10156-2.patch: Fixed tests.
    - CVE-2019-10156

 -- Paulo Flabiano Smorigo <email address hidden>  Thu, 11 Jul 2019 17:55:43 -0300

Upload details

Uploaded by: Paulo Flabiano Smorigo on 2019-07-16
Uploaded to:
Original maintainer: Ubuntu Developers
Medium Urgency

Publishing

Series  Pocket    Published      Component  Section
Bionic  updates   on 2019-07-17  universe   misc
Bionic  security  on 2019-07-17  universe   misc


Bionic: [FULLYBUILT] amd64


File                                         Size      SHA-256 Checksum
ansible_2.5.1+dfsg.orig.tar.gz               6.3 MiB   47ae0e0613082f027d91eef3ac311005efaf96d1825abcee5bca3de03b3ba7a4
ansible_2.5.1+dfsg-1ubuntu0.1.debian.tar.xz  24.2 KiB  869fd08e7bf31826c9dbd6c40e645def9830b5235ab94abd79e85007b1ad1e3c
ansible_2.5.1+dfsg-1ubuntu0.1.dsc            2.2 KiB   e2869ee359ee0ec79be19cf2b03609561e27767e84e1086e28b1175f964e7ef8


Binary packages built by this source

ansible: Configuration management, deployment, and task execution system

 Ansible is a radically simple model-driven configuration management,
 multi-node deployment, and remote task execution system. Ansible works
 over SSH and does not require any software or daemons to be installed
 on remote nodes. Extension modules can be written in any language and
 are transferred to managed machines automatically.