advisories/23225.adv

type: security
subject: Updated ansible packages fix security vulnerability
CVE:
 - CVE-2018-10855
src:
  5:
   core:
     - ansible-2.4.5.0-1.1.mga5
  6:
   core:
     - ansible-2.4.5.0-1.1.mga6
description: |
  Ansible prior to 2.4.5 does not honor the no_log task flag for failed
  tasks.  When the no_log flag has been used to protect sensitive data
  passed to a task from being logged, and that task does not run
  successfully, Ansible will expose sensitive data in log files and on the
  terminal of the user running Ansible (CVE-2018-10855).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23225
 - https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ILGCAZWUN7RSPO3IEB46IIDRMCI3ALP3/
ID: MGASA-2018-0303
1	type: security
2	subject: Updated ansible packages fix security vulnerability
3	CVE:
4	- CVE-2018-10855
5	src:
6	5:
7	core:
8	- ansible-2.4.5.0-1.1.mga5
9	6:
10	core:
11	- ansible-2.4.5.0-1.1.mga6
12	description: \|
13	Ansible prior to 2.4.5 does not honor the no_log task flag for failed
14	tasks. When the no_log flag has been used to protect sensitive data
15	passed to a task from being logged, and that task does not run
16	successfully, Ansible will expose sensitive data in log files and on the
17	terminal of the user running Ansible (CVE-2018-10855).
18	references:
19	- https://bugs.mageia.org/show_bug.cgi?id=23225
20	- https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md
21	- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ILGCAZWUN7RSPO3IEB46IIDRMCI3ALP3/
22	ID: MGASA-2018-0303