Format: 1.8
Date: Wed, 27 Jan 2021 16:24:29 +0100
Source: ansible
Binary: ansible
Architecture: source
Version: 2.2.1.0-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Harlan Lieberman-Berg <hlieberman@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 ansible - Configuration management, deployment, and task execution system
Changes:
 ansible (2.2.1.0-2+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-7481:
     Ansible fails to properly mark lookup-plugin results as unsafe. If an
     attacker could control the results of lookup() calls, they could inject
     Unicode strings to be parsed by the jinja2 templating system, resulting
     in code execution. By default, the jinja2 templating language is now
     marked as 'unsafe' and is not evaluated.
   * Fix CVE-2019-10156:
     A flaw was discovered in the way Ansible templating was implemented,
     causing the possibility of information disclosure through unexpected
     variable substitution. By taking advantage of unintended variable
     substitution the content of any variable may be disclosed.
   * Fix CVE-2019-14846:
     Ansible was logging at the DEBUG level which led to a disclosure of
     credentials if a plugin used a library that logged credentials at the
     DEBUG level. This flaw does not affect Ansible modules, as those are
     executed in a separate process.
   * Fix CVE-2019-14904:
     A flaw was found in the solaris_zone module from the Ansible Community
     modules. When setting the name for the zone on the Solaris host, the
     zone name is checked by listing the process with the 'ps' bare command
     on the remote machine. An attacker could take advantage of this flaw by
     crafting the name of the zone and executing arbitrary commands in the
     remote host.