Updated python-ansible-core packages fix security vulnerabilities
Publication date: 12 Feb 2025Modification date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-8775 , CVE-2024-9902 , CVE-2024-11079
Description
Exposure of sensitive information in Ansible vault files due to improper
logging. (CVE-2024-8775)
Ansible-core user may read/write unauthorized content. (CVE-2024-9902)
Unsafe tagging bypass via hostvars object in ansible-core.
(CVE-2024-11079)
References
- https://bugs.mageia.org/show_bug.cgi?id=33828
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2Y6RFLPB54N7XR7AP7A2DEXGLBEDEQJU/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9902
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11079
SRPMS
9/core
- python-ansible-core-2.14.18-1.mga9