Updated ansible packages fix security vulnerability
Publication date: 31 Aug 2019Modification date: 31 Aug 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2019-10156
Description
Updated ansible package fixes security vulnerability: A flaw was discovered in the way Ansible templating was implemented before version 2.7.12, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed (CVE-2019-10156). Also, python-jmespath was added as a new dependency in Mageia 6.
References
SRPMS
6/core
- ansible-2.7.12-1.mga6
- python-jmespath-0.9.4-1.2.mga6
7/core
- ansible-2.7.12-1.mga7