-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-1d2bc76093 2018-07-12 14:18:11.698142 --------------------------------------------------------------------------------

Name : ansible Product : Fedora 28 Version : 2.6.1 Release : 1.fc28 URL : http://ansible.com Summary : SSH-based configuration management, deployment, and task execution system Description : Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

-------------------------------------------------------------------------------- Update Information:

Update to ansible 2.6.1 bugfix release. Fixes also 2 CVEs: CVE-2018-10874 and CVE-2018-10875 See https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6... for full list of changes. -------------------------------------------------------------------------------- ChangeLog:

* Thu Jul 5 2018 Kevin Fenzi kevin@scrye.com - 2.6.1-1 - Update to 2.6.1. Fixes bug #1598602 - Fixes CVE-2018-10874 and CVE-2018-10875 * Mon Jul 2 2018 Miro Hron��ok mhroncok@redhat.com - 2.6.0-2 - Rebuilt for Python 3.7 * Thu Jun 28 2018 Kevin Fenzi kevin@scrye.com - 2.6.0-1 - Update to 2.6.0. Fixes bug #1596424 * Tue Jun 26 2018 Miro Hron��ok mhroncok@redhat.com - 2.5.5-5 - Rebuilt for Python 3.7 * Mon Jun 25 2018 Toshio Kuratomi toshio@fedoraproject.org - - 2.5.5-4 - Upstream patch to build docs with older jinja2 (Fedora 27) - Build changes to build only rst docs for modules and plugins when a distro doesn't have modern enough packages to build the documentation. (EPEL7) * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 2.5.5-3 - Rebuilt for Python 3.7 * Fri Jun 15 2018 Kevin Fenzi kevin@scrye.com - 2.5.5-2 - Stop building docs on F27 as python-jinja2 is too old there. * Thu Jun 14 2018 Kevin Fenzi kevin@scrye.com - 2.5.5-1 - Update to 2.5.5. Fixes bug #1580530 and #1584927 - Fixes 1588855,1590200 (fedora) and 1588855,1590199 (epel) CVE-2018-10855 (security bug with no_log handling) * Thu May 31 2018 Kevin Fenzi kevin@scrye.com - 2.5.4-1 - Update to 2.5.4. Fixes bug #1584927 * Thu May 17 2018 Kevin Fenzi kevin@scrye.com - 2.5.3-1 - Update to 2.5.3. Fixes bug #1579577 and #1574221 * Thu Apr 26 2018 Kevin Fenzi kevin@scrye.com - 2.5.2-1 - Update to 2.5.2 with bugfixes. * Wed Apr 18 2018 Kevin Fenzi kevin@scrye.com - 2.5.1-1 - Update to 2.5.1 with bugfixes. Fixes: #1569270 #1569153 #1566004 #1566001 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1598810 - CVE-2018-10874 ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1598810 [ 2 ] Bug #1598806 - CVE-2018-10875 ansible: ansible.cfg is being read from current working directory allowing possible code execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1598806 [ 3 ] Bug #1598809 - CVE-2018-10874 ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1598809 [ 4 ] Bug #1598805 - CVE-2018-10875 ansible: ansible.cfg is being read from current working directory allowing possible code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1598805 [ 5 ] Bug #1598602 - ansible-2.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1598602 --------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-1d2bc76093' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------