--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-3f2d4cea8a
2020-04-28 00:51:54.870973
--------------------------------------------------------------------------------
Name : ansible
Product : Fedora EPEL 7
Version : 2.9.7
Release : 1.el7
URL :
http://ansible.com
Summary : SSH-based configuration management, deployment, and task execution system
Description :
Ansible is a radically simple model-driven configuration management,
multi-node deployment, and remote task execution system. Ansible works
over SSH and does not require any software or daemons to be installed
on remote nodes. Extension modules can be written in any language and
are transferred to managed machines automatically.
--------------------------------------------------------------------------------
Update Information:
Update to bugfix and security update 2.9.7. See
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v...
for detailed changes.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Kevin Fenzi <kevin(a)scrye.com> - 2.9.7-1
- Update to 2.9.7.
- fixes CVE-2020-1733 CVE-2020-1735 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753
CVE-2020-10684 CVE-2020-10685 CVE-2020-10691
- Drop the -s from the shebang to allow ansible to use locally installed modules.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1805319 - CVE-2020-1740 ansible: secrets readable after ansible-vault edit
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805319
[ 2 ] Bug #1805326 - CVE-2020-1738 ansible: module package can be selected by the
ansible facts [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805326
[ 3 ] Bug #1805332 - CVE-2020-1736 ansible: atomic_move primitive sets permissive
permissions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805332
[ 4 ] Bug #1805336 - CVE-2020-1735 ansible: path injection on dest parameter in fetch
module [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805336
[ 5 ] Bug #1805339 - CVE-2020-1734 ansible: shell enabled by default in a pipe lookup
plugin subprocess [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805339
[ 6 ] Bug #1805342 - CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805342
[ 7 ] Bug #1808472 - CVE-2020-1746 ansible: Information disclosure issue in ldap_attr
and ldap_entry modules [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1808472
[ 8 ] Bug #1811933 - CVE-2020-1753 ansible: kubectl connection plugin leaks sensitive
information [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1811933
[ 9 ] Bug #1816311 - CVE-2020-10684 ansible: code injection when using ansible_facts as
a subkey [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1816311
[ 10 ] Bug #1816312 - CVE-2020-10685 ansible: modules which use files encrypted with
vault are not properly cleaned up [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1816312
[ 11 ] Bug #1817979 - CVE-2020-10691 ansible: archive traversal vulnerability in
ansible-galaxy collection install [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1817979
[ 12 ] Bug #1825070 - ansible-2.9.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825070
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update ansible' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------