MGASA-2017-0399

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0399.html

Import Source

https://advisories.mageia.org/MGASA-2017-0399.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0399

Related

CVE-2017-7550

Published

2017-11-02T21:47:07Z

Modified

2017-11-02T21:10:09Z

Summary

Updated ansible package fixes security vulnerability

Details

A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. A remote attacker could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation (CVE-2017-7550).

The ansible package has been updated to version 2.4.1 to fix this issue and several other bugs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / ansible

Package

Name: ansible
Purl: pkg:rpm/mageia/ansible?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.1.0-1.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / ansible

Package

Name: ansible
Purl: pkg:rpm/mageia/ansible?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.1.0-1.1.mga6

Ecosystem specific

{
    "section": "core"
}