Debian Security Advisory
DSA-4950-1 ansible -- security update
- Date Reported:
- 07 Aug 2021
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-10156, CVE-2019-10206, CVE-2019-14846, CVE-2019-14864, CVE-2019-14904, CVE-2020-1733, CVE-2020-1735, CVE-2020-1739, CVE-2020-1740, CVE-2020-1746, CVE-2020-1753, CVE-2020-10684, CVE-2020-10685, CVE-2020-10729, CVE-2020-14330, CVE-2020-14332, CVE-2020-14365, CVE-2021-20228.
- More information:
Several vulnerabilities have been found in Ansible, a configuration management, deployment and task execution system, which could result in information disclosure or argument injection. In addition a race condition in become_user was fixed.
For the stable distribution (buster), these problems have been fixed in version 2.7.7+dfsg-1+deb10u1.
We recommend that you upgrade your ansible packages.
For the detailed security status of ansible please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ansible