Advisories » MGASA-2019-0023

Updated ansible package fixes security vulnerability

Publication date: 08 Jan 2019
Modification date: 08 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-16876

Description

It was found that when a retry task in ansible run with -vvv fails, it
will log the raw return code, stdout and stderr from ssh which could
have contained sensitive data (CVE-2018-16876).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24065
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZDHLHZ5V5K5AKBTGPLGFTPK3YNSOC4FY/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876

SRPMS

6/core

• ansible-2.4.6.0-1.2.mga6