Advisories » MGASA-2019-0234

Updated ansible packages fix security vulnerability

Publication date: 31 Aug 2019
Modification date: 31 Aug 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2019-10156

Description

Updated ansible package fixes security vulnerability:

A flaw was discovered in the way Ansible templating was implemented before
version 2.7.12, causing the possibility of information disclosure through
unexpected variable substitution. By taking advantage of unintended variable
substitution the content of any variable may be disclosed (CVE-2019-10156).

Also, python-jmespath was added as a new dependency in Mageia 6.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25285
• https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst
• https://usn.ubuntu.com/4072-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156

SRPMS

6/core

• ansible-2.7.12-1.mga6
• python-jmespath-0.9.4-1.2.mga6

7/core

• ansible-2.7.12-1.mga7