Issued:
2017-11-06
Updated:
2017-11-06

RHBA-2017:3119 - Bug Fix Advisory

Synopsis

Ansible Engine 2.4.1 Z-release

Type/Severity

Bug Fix Advisory

Topic

Ansible 2.4.1 bugfix release for Ansible Engine products

Description

  • Security fix for CVE-2017-7550, where the jenkins_plugin module was logging the Jenkins server password if the url_password was passed via the params field:
    https://github.com/ansible/ansible/pull/30875
  • Update openssl\* module documentation to show openssl-0.16 is the minimum version
  • Fixed openssl_certificate's CSR handling
  • Python-3 fixes
  • Fixed openssl_certificate parameter assertion on Python3
  • Fixed Python3 and non-ascii strings in inventory plugins (https://github.com/ansible/ansible/pull/30666)
  • Fixed missing urllib in iam_policy
  • Fixed crypttab module for bytes<=>text string mismatch ( https://github.com/ansible/ansible/pull/30457 )
  • Fixed lxc_container module combining bytes with text ( https://github.com/ansible/ansible/pull/30572 )
  • Fixed a problem where map did not return a list on Python3 in ec2_snapshot_facts module (https://github.com/ansible/ansible/pull/30606)
  • Fixed a problem with win_file so that it respects check mode when deleting directories
  • Fixed Ansible.ModuleUtils.Legacy.psm1 so that it returns list params correctly
  • Fixed a problem related to proper logout in the module ovirt_vms
  • Fixed docs for 'password' lookup
  • Corrected and added missing feature and porting docs for 2.4
  • Fixed Ansible.ModuleUtils.CamelConversion to handle empty lists and lists with one entry
  • Fixed nxos terminal regex to parse username correctly.
  • Fixed colors for selective callback
  • Fixed the 'New password' prompt on 'ansible-vault edit' (https://github.com/ansible/ansible/issues/30491)
  • Fixed the 'ansible-vault encrypt' with vault_password_file in config and --ask-vault-pass cli (https://github.com/ansible/ansible/pull/30514#pullrequestreview
  • Updated porting guide with notes for callbacks and config
  • Added backward compatibility shim for callbacks that do not inherit from CallbackBase
  • Corrected issue with configuration and multiple ini entries being overwriten even when not set
  • Backport fix for doc generation (plugin_formatter)
  • Fixed ec2_lc module for an unknown parameter name (https://github.com/ansible/ansible/pull/30573)
  • Changed configuration of defaults to use standard jinja2 instead of custom
    eval() for using variables in the default field of config (https://github.com/ansible/ansible/pull/30650)
  • Added missing entry in chlog deprecation
  • Fixed precedence and values for become flags and executable settings
  • Updated win_domain_membership to throw more helpful error messages and check/fix when calling WMI function after changing workgroup
  • Fixed the win_power_plan to compare the OS version's correctly and work on Windows 10/Server 2016
  • Fixed module doc for typo in telnet command option
  • Fixed OpenBSD pkg_mgr fact (https://github.com/ansible/ansible/issues/30623)
  • Fixed encoding error when there are nonascii values in the path to the ssh binary
  • Removed YAML inventory group name validation, which broke existing setups and should be global in any case
  • Added performance improvements for inventory, which had slowed down considerably from 2.3
  • Fixed CPU facts on sparc64 (https://github.com/ansible/ansible/pull/30261)
  • Fixed ansible_distribution fact for Arch Linux (https://github.com/ansible/ansible/issues/30600)
  • Removed print statements from play_context/become
  • Fixed vault errors after 'ansible-vault edit' (https://github.com/ansible/ansible/issues/30575)
  • Updated API doc example to match API changes
  • Corrected issues with slack callback plugin
  • Updated docs to reflect that "import_playbook" is correct, not "import_plays"
  • Fixed a typo and missed include/import conversion in import_tasks docs
  • Updated porting docs with note about inventory_dir
  • Removed an extension requirement for yaml inventory plugin to restore previous behavior
  • Fixed ansible-pull to now correctly deal with inventory
  • Corrected dig lookup docs
  • Fixed type handling for sensu_silence so the module works

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Ansible Engine 2.4 x86_64
  • Red Hat Ansible Engine 2.4 ppc64le
  • Red Hat Ansible Engine 2 x86_64

Fixes

(none)

CVEs

(none)

References

(none)

Red Hat Ansible Engine 2.4

SRPM
ansible-2.4.1.0-1.el7ae.src.rpm SHA-256: 48e29d807929c7e2eae085c2225e0da432a3e26877ade93edffd4c35edf47316
python-jmespath-0.9.0-4.el7ae.src.rpm SHA-256: 39cad65a0eda393d3a9f3fa65d357081036c3bd276b26b60aaa16f8356e8cc75
x86_64
ansible-2.4.1.0-1.el7ae.noarch.rpm SHA-256: 9c90c4103f928f04762941dd1c33e24615055397cb25e732ef2ea742a8686e32
ansible-doc-2.4.1.0-1.el7ae.noarch.rpm SHA-256: 10e8aa7a29372ea648c3f1aace9fb17eb0a02f608e6f28d538ff5b9b5bba8e12
python2-jmespath-0.9.0-4.el7ae.noarch.rpm SHA-256: 766862f83804267ea5fc1d6e5d2deb7a0bd29763b7c9b253ca76e83fe53eb842
ppc64le
ansible-2.4.1.0-1.el7ae.noarch.rpm SHA-256: 9c90c4103f928f04762941dd1c33e24615055397cb25e732ef2ea742a8686e32
ansible-doc-2.4.1.0-1.el7ae.noarch.rpm SHA-256: 10e8aa7a29372ea648c3f1aace9fb17eb0a02f608e6f28d538ff5b9b5bba8e12
python2-jmespath-0.9.0-4.el7ae.noarch.rpm SHA-256: 766862f83804267ea5fc1d6e5d2deb7a0bd29763b7c9b253ca76e83fe53eb842

Red Hat Ansible Engine 2

SRPM
x86_64
ansible-2.4.1.0-1.el7ae.noarch.rpm SHA-256: 9c90c4103f928f04762941dd1c33e24615055397cb25e732ef2ea742a8686e32
ansible-doc-2.4.1.0-1.el7ae.noarch.rpm SHA-256: 10e8aa7a29372ea648c3f1aace9fb17eb0a02f608e6f28d538ff5b9b5bba8e12
python2-jmespath-0.9.0-4.el7ae.noarch.rpm SHA-256: 766862f83804267ea5fc1d6e5d2deb7a0bd29763b7c9b253ca76e83fe53eb842

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.