Accepted ansible 2.7.7+dfsg-1+deb10u2 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted ansible 2.7.7+dfsg-1+deb10u2 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 28 Dec 2023 16:10:18 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: ansible_2.7.7+dfsg-1+deb10u2_source.changes
- Debian-source: ansible
- Debian-suite: oldoldstable
- Debian-version: 2.7.7+dfsg-1+deb10u2
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1rIsxe-00AbkA-Ll@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 28 Dec 2023 09:32:51 +0000
Source: ansible
Architecture: source
Version: 2.7.7+dfsg-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Harlan Lieberman-Berg <hlieberman@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1053693
Changes:
ansible (2.7.7+dfsg-1+deb10u2) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* Enable autopkgtest
* Add salsa-ci testing
* Fix regression on CVE-2019-10206
* Fix CVE-2021-3447: A flaw was found in several
ansible modules, where parameters containing credentials,
such as secrets, were being logged in plain-text on
managed nodes, as well as being made visible on the
controller node when run in verbose mode. These parameters
were not protected by the no_log feature. An attacker can
take advantage of this information to steal those credentials,
provided they have access to the log files
containing them. The highest threat from this vulnerability
is to data confidentiality.
* Fix CVE-2021-3583: A flaw was found in Ansible, where
a user's controller is vulnerable to template injection.
This issue can occur through facts used in the template
if the user is trying to put templates in multi-line YAML
strings and the facts being handled do not routinely
include special template characters. This flaw allows
attackers to perform command injection, which discloses
sensitive information. The highest threat from this
vulnerability is to confidentiality and integrity.
* Fix CVE-2021-3620: A flaw was found in Ansible Engine's
ansible-connection module, where sensitive information
such as the Ansible user credentials is disclosed by
default in the traceback error message. The highest
threat from this vulnerability is to confidentiality.
* Fix CVE-2021-20178: A flaw was found in ansible module
snmp_fact where credentials are disclosed in the console log by
default and not protected by the security feature
This flaw allows an attacker to steal privkey and authkey
credentials. The highest threat from this vulnerability
is to confidentiality.
* CVE-2021-20191: A flaw was found in ansible. Credentials,
such as secrets, are being disclosed in console log by default
and not protected by no_log feature when using Cisco nxos module.
An attacker can take advantage of this information to steal those
credentials. The highest threat from this vulnerability is
to data confidentiality.
* CVE-2022-3697: A flaw was found in Ansible in the amazon.aws
collection when using the tower_callback parameter from the
amazon.aws.ec2_instance module. This flaw allows an attacker
to take advantage of this issue as the module is handling the
parameter insecurely, leading to the password leaking in the logs.
* CVE-2023-5115: An absolute path traversal attack existed
in the Ansible automation platform. This flaw allows an
attacker to craft a malicious Ansible role and make the
victim execute the role. A symlink can be used to
overwrite a file outside of the extraction path.
(Closes: #1053693)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----