You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ansible

Sigurnosni nedostaci programskog paketa ansible

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LSU

openSUSE Security Update: Security update for ansible

Announcement ID: openSUSE-SU-2019:1125-1
Rating: moderate
References: #1099808 #1102126 #1109957 #1112959 #1116587
#1118896 #1126503
Cross-References: CVE-2018-10875 CVE-2018-16837 CVE-2018-16859
CVE-2018-16876 CVE-2019-3828
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that solves 5 vulnerabilities and has two fixes
is now available.


This update for ansible to version 2.7.8 fixes the following issues:

Security issues fixed:

– CVE-2018-16837: Fixed an information leak in user module (bsc#1112959).
– CVE-2018-16859: Fixed an issue which clould allow logging of password in
plaintext in Windows powerShell (bsc#1116587).
– CVE-2019-3828: Fixed a path traversal vulnerability in fetch module
– CVE-2018-10875: Fixed a potential code execution in ansible.cfg
– CVE-2018-16876: Fixed an issue which could allow information disclosure
in vvv+ mode with no_log on (bsc#1118896).

Other issues addressed:

– prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957)

Release notes:

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2019-1125=1

Package List:

– SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):



To unsubscribe, e-mail:
For additional commands, e-mail:

AutorZvonimir Bosnjak
Cert idNCERT-REF-2019-04-0001-ADV
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog koda...