[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1576-1] ansible security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ansible
Version        : 1.7.2+dfsg-2+deb8u1
CVE ID         : CVE-2018-16837
Debian Bug     : #912297

It was discovered that there was a potential SSH passphrase disclosure
vulnerability in the ansible configuration management system,

The "User" module leaked data that was passed as a parameter to the
ssh-keygen(1) utility, thus revealing any credentials in cleartext form
in the global process list.

For Debian 8 "Jessie", this issue has been fixed in ansible version
1.7.2+dfsg-2+deb8u1.

We recommend that you upgrade your ansible packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlvpYiQACgkQHpU+J9Qx
HlhDWg/9Hz82c1ALOa5RRkaZbAOV0057vaxTQdpH3VjVOvfBtVI1L3PkRlcBd9rZ
Re+xbNm6bM766PeUkS/Nr195fQW2cxQhw0xRPdhcKkcLVShWK5WzmEvzDqT7WgO2
EsSXNDrDKYc9vFct2/IBM1xrlToNiMeoB87kZPYnav8MXwuquE4q/rPvI8EjHoYZ
C/w8iaSbwLwiNerexTC+ampARDKdH8QZtriUPifmFzRP2opFRXun2kGsxs+B9Dvi
Ly/tK30Awa6JgZqhdUMxIN/JiikUjAcFy+j95KGdU1dD5LF0OiMs/ew919A3KF5I
Hiiy/LlD4uZDCnXj2wBr/6r5NAZMFyeLwXS1DVBBiZt1Q0MEEsLUSnnsK/VYoD69
Z0dYSUoxJlthXgh490vw7H2sEXTk4BA8QaVPhjZ5o4shhEv9y6J6mBRan6mDkS0o
P93WsLyd9WLw2rGN9A4YhReNBbcT3ecIH27+Bfo6QySdx5dl+uim1Y0rBg+gbXuh
VIU82u56Lre+hp3BJZ2xVRszolkkjOwUcTr8NpvF0f6/9ue5p4kI1GSHcG46A0LE
ZVRwLlh67mfA2AUhfMhH17IoRLMAGYZIXKye/ZM8XsqPSvPTzL3P4t5O0vCJ/L0x
JT+CGCMtlKwRG/xa+Gyq9mFwNCdYuvItBn91R5iyuEUkZsmt0lY=
=M7Nd
-----END PGP SIGNATURE-----


Reply to: