USN-7330-1

Source
https://ubuntu.com/security/notices/USN-7330-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7330-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7330-1
Related
Published
2025-03-05T20:26:48.107739Z
Modified
2025-03-05T20:26:48.107739Z
Summary
ansible vulnerabilities
Details

It was discovered that Ansible did not properly verify certain fields of X.509 certificates. An attacker could possibly use this issue to spoof SSL servers if they were able to intercept network communications. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3908)

Martin Carpenter discovered that certain connection plugins for Ansible did not properly restrict users. An attacker with local access could possibly use this issue to escape a restricted environment via symbolic links misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240)

Robin Schneider discovered that Ansible's apt_key module did not properly verify key fingerprints. A remote attacker could possibly use this issue to perform key injection, leading to the access of sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8614)

It was discovered that Ansible would expose passwords in certain instances. An attacker could possibly use specially crafted input related to this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-10206)

It was discovered that Ansible incorrectly logged sensitive information. An attacker with local access could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2019-14846)

It was discovered that Ansible's solaris_zone module accepted input without performing input checking. A remote attacker could possibly use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-14904)

It was discovered that Ansible did not generate sufficiently random values, which could lead to the exposure of passwords. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10729)

It was discovered that Ansible's svn module could disclose passwords to users within the same node. An attacker could possibly use this issue to access sensitive information. (CVE-2020-1739)

References

Affected packages

Ubuntu:Pro:14.04:LTS / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible@1.5.4+dfsg-1ubuntu0.1~esm3?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.4+dfsg-1ubuntu0.1~esm3

Affected versions

1.*

1.1+dfsg-1
1.3.4+dfsg-1
1.4.0+dfsg-1
1.4.1+dfsg-1
1.4.3+dfsg-1
1.4.4+dfsg-1
1.5.4+dfsg-1
1.5.4+dfsg-1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.5.4+dfsg-1ubuntu0.1~esm3",
            "binary_name": "ansible"
        },
        {
            "binary_version": "1.5.4+dfsg-1ubuntu0.1~esm3",
            "binary_name": "ansible-doc"
        },
        {
            "binary_version": "1.5.4+dfsg-1ubuntu0.1~esm3",
            "binary_name": "ansible-fireball"
        },
        {
            "binary_version": "1.5.4+dfsg-1ubuntu0.1~esm3",
            "binary_name": "ansible-node-fireball"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible@2.0.0.2-2ubuntu1.3+esm5?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.0.2-2ubuntu1.3+esm5

Affected versions

1.*

1.9.2+dfsg-2
1.9.4-1

2.*

2.0.0.2-2
2.0.0.2-2ubuntu1
2.0.0.2-2ubuntu1.1
2.0.0.2-2ubuntu1.2
2.0.0.2-2ubuntu1.3
2.0.0.2-2ubuntu1.3+esm1
2.0.0.2-2ubuntu1.3+esm2
2.0.0.2-2ubuntu1.3+esm3
2.0.0.2-2ubuntu1.3+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.0.0.2-2ubuntu1.3+esm5",
            "binary_name": "ansible"
        },
        {
            "binary_version": "2.0.0.2-2ubuntu1.3+esm5",
            "binary_name": "ansible-fireball"
        },
        {
            "binary_version": "2.0.0.2-2ubuntu1.3+esm5",
            "binary_name": "ansible-node-fireball"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible@2.5.1+dfsg-1ubuntu0.1+esm5?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.1+dfsg-1ubuntu0.1+esm5

Affected versions

2.*

2.3.1.0+dfsg-2
2.5.0+dfsg-1
2.5.1+dfsg-1
2.5.1+dfsg-1ubuntu0.1
2.5.1+dfsg-1ubuntu0.1+esm1
2.5.1+dfsg-1ubuntu0.1+esm2
2.5.1+dfsg-1ubuntu0.1+esm3
2.5.1+dfsg-1ubuntu0.1+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.5.1+dfsg-1ubuntu0.1+esm5",
            "binary_name": "ansible"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible@2.9.6+dfsg-1ubuntu0.1~esm3?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.6+dfsg-1ubuntu0.1~esm3

Affected versions

2.*

2.8.3+dfsg-1
2.8.6+dfsg-1
2.9.2+dfsg-1
2.9.4+dfsg-1
2.9.6+dfsg-1
2.9.6+dfsg-1ubuntu0.1~esm1
2.9.6+dfsg-1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.9.6+dfsg-1ubuntu0.1~esm3",
            "binary_name": "ansible"
        },
        {
            "binary_version": "2.9.6+dfsg-1ubuntu0.1~esm3",
            "binary_name": "ansible-doc"
        }
    ]
}