RHBA-2017:3119 - Bug Fix Advisory

Topic

Ansible 2.4.1 bugfix release for Ansible Engine products

Description

• Security fix for CVE-2017-7550, where the jenkins_plugin module was logging the Jenkins server password if the url_password was passed via the params field:

https://github.com/ansible/ansible/pull/30875

• Update openssl\* module documentation to show openssl-0.16 is the minimum version
• Fixed openssl_certificate's CSR handling
• Python-3 fixes
• Fixed openssl_certificate parameter assertion on Python3
• Fixed Python3 and non-ascii strings in inventory plugins (https://github.com/ansible/ansible/pull/30666)
• Fixed missing urllib in iam_policy
• Fixed crypttab module for bytes<=>text string mismatch ( https://github.com/ansible/ansible/pull/30457 )
• Fixed lxc_container module combining bytes with text ( https://github.com/ansible/ansible/pull/30572 )
• Fixed a problem where map did not return a list on Python3 in ec2_snapshot_facts module (https://github.com/ansible/ansible/pull/30606)
• Fixed a problem with win_file so that it respects check mode when deleting directories
• Fixed Ansible.ModuleUtils.Legacy.psm1 so that it returns list params correctly
• Fixed a problem related to proper logout in the module ovirt_vms
• Fixed docs for 'password' lookup
• Corrected and added missing feature and porting docs for 2.4
• Fixed Ansible.ModuleUtils.CamelConversion to handle empty lists and lists with one entry
• Fixed nxos terminal regex to parse username correctly.
• Fixed colors for selective callback
• Fixed the 'New password' prompt on 'ansible-vault edit' (https://github.com/ansible/ansible/issues/30491)
• Fixed the 'ansible-vault encrypt' with vault_password_file in config and --ask-vault-pass cli (https://github.com/ansible/ansible/pull/30514#pullrequestreview
• Updated porting guide with notes for callbacks and config
• Added backward compatibility shim for callbacks that do not inherit from CallbackBase
• Corrected issue with configuration and multiple ini entries being overwriten even when not set
• Backport fix for doc generation (plugin_formatter)
• Fixed ec2_lc module for an unknown parameter name (https://github.com/ansible/ansible/pull/30573)
• Changed configuration of defaults to use standard jinja2 instead of custom

eval() for using variables in the default field of config (https://github.com/ansible/ansible/pull/30650)

• Added missing entry in chlog deprecation
• Fixed precedence and values for become flags and executable settings
• Updated win_domain_membership to throw more helpful error messages and check/fix when calling WMI function after changing workgroup
• Fixed the win_power_plan to compare the OS version's correctly and work on Windows 10/Server 2016
• Fixed module doc for typo in telnet command option
• Fixed OpenBSD pkg_mgr fact (https://github.com/ansible/ansible/issues/30623)
• Fixed encoding error when there are nonascii values in the path to the ssh binary
• Removed YAML inventory group name validation, which broke existing setups and should be global in any case
• Added performance improvements for inventory, which had slowed down considerably from 2.3
• Fixed CPU facts on sparc64 (https://github.com/ansible/ansible/pull/30261)
• Fixed ansible_distribution fact for Arch Linux (https://github.com/ansible/ansible/issues/30600)
• Removed print statements from play_context/become
• Fixed vault errors after 'ansible-vault edit' (https://github.com/ansible/ansible/issues/30575)
• Updated API doc example to match API changes
• Corrected issues with slack callback plugin
• Updated docs to reflect that "import_playbook" is correct, not "import_plays"
• Fixed a typo and missed include/import conversion in import_tasks docs
• Updated porting docs with note about inventory_dir
• Removed an extension requirement for yaml inventory plugin to restore previous behavior
• Fixed ansible-pull to now correctly deal with inventory
• Corrected dig lookup docs
• Fixed type handling for sensu_silence so the module works

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Ansible Engine 2.4 x86_64
• Red Hat Ansible Engine 2.4 ppc64le
• Red Hat Ansible Engine 2 for RHEL 7 x86_64

Fixes

CVEs

(none)

References

(none)