Security Information / 2021 / Security Information -- DSA-4950-1 ansible

Debian Security Advisory

DSA-4950-1 ansible -- security update

Date Reported:

07 Aug 2021

Affected Packages:

ansible

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2019-10156, CVE-2019-10206, CVE-2019-14846, CVE-2019-14864, CVE-2019-14904, CVE-2020-1733, CVE-2020-1735, CVE-2020-1739, CVE-2020-1740, CVE-2020-1746, CVE-2020-1753, CVE-2020-10684, CVE-2020-10685, CVE-2020-10729, CVE-2020-14330, CVE-2020-14332, CVE-2020-14365, CVE-2021-20228.

More information:

Several vulnerabilities have been found in Ansible, a configuration management, deployment and task execution system, which could result in information disclosure or argument injection. In addition a race condition in become_user was fixed.

For the stable distribution (buster), these problems have been fixed in version 2.7.7+dfsg-1+deb10u1.

We recommend that you upgrade your ansible packages.

For the detailed security status of ansible please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ansible