Parent Directory | Revision Log
MGASA-2018-0303: ansible-2.4.5.0-1.1.mga5, ansible-2.4.5.0-1.1.mga6
1 | type: security |
2 | subject: Updated ansible packages fix security vulnerability |
3 | CVE: |
4 | - CVE-2018-10855 |
5 | src: |
6 | 5: |
7 | core: |
8 | - ansible-2.4.5.0-1.1.mga5 |
9 | 6: |
10 | core: |
11 | - ansible-2.4.5.0-1.1.mga6 |
12 | description: | |
13 | Ansible prior to 2.4.5 does not honor the no_log task flag for failed |
14 | tasks. When the no_log flag has been used to protect sensitive data |
15 | passed to a task from being logged, and that task does not run |
16 | successfully, Ansible will expose sensitive data in log files and on the |
17 | terminal of the user running Ansible (CVE-2018-10855). |
18 | references: |
19 | - https://bugs.mageia.org/show_bug.cgi?id=23225 |
20 | - https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md |
21 | - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ILGCAZWUN7RSPO3IEB46IIDRMCI3ALP3/ |
22 | ID: MGASA-2018-0303 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |