Issued:: 2020-01-23
Updated:: 2020-01-23

RHSA-2020:0215 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: Ansible security and bug fix update (2.9.4)

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for ansible is now available for Ansible Engine 2.9

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.

The following packages have been upgraded to a newer upstream version:
ansible (2.9.4)

Bug Fix(es):

CVE-2019-14904 Ansible: vulnerability in solaris_zone module via crafted

solaris zone

CVE-2019-14905 Ansible: malicious code could craft filename in

nxos_file_copy module

See:
https://github.com/ansible/ansible/blob/v2.9.4/changelogs/CHANGELOG-v2.9.rst for details on bug fixes in this release.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Ansible Engine 2.9 for RHEL 8 x86_64
Red Hat Ansible Engine 2.9 for RHEL 8 s390x
Red Hat Ansible Engine 2.9 for RHEL 8 ppc64le
Red Hat Ansible Engine 2.9 for RHEL 8 aarch64
Red Hat Ansible Engine 2.9 for RHEL 7 x86_64
Red Hat Ansible Engine 2.9 for RHEL 7 s390x
Red Hat Ansible Engine 2.9 for RHEL 7 ppc64le

Fixes

BZ - 1776943 - CVE-2019-14905 Ansible: malicious code could craft filename in nxos_file_copy module
BZ - 1776944 - CVE-2019-14904 Ansible: vulnerability in solaris_zone module via crafted solaris zone

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Ansible Engine 2.9 for RHEL 8

SRPM
ansible-2.9.4-1.el8ae.src.rpm	SHA-256: ca60aeb2b8ee31679def2e2d3d531d0776940d68dc8cfbd37a7a7edebb2a8d59
x86_64
ansible-2.9.4-1.el8ae.noarch.rpm	SHA-256: 86b6a54ab98b45edb7db25b2ba7dadb55ad37764ece8d3601123534a9fe82ad4
ansible-test-2.9.4-1.el8ae.noarch.rpm	SHA-256: 90822416e49794c74133006701b61d8b17e6182e0d6f052ddfe13e200734d954
s390x
ansible-2.9.4-1.el8ae.noarch.rpm	SHA-256: 86b6a54ab98b45edb7db25b2ba7dadb55ad37764ece8d3601123534a9fe82ad4
ansible-test-2.9.4-1.el8ae.noarch.rpm	SHA-256: 90822416e49794c74133006701b61d8b17e6182e0d6f052ddfe13e200734d954
ppc64le
ansible-2.9.4-1.el8ae.noarch.rpm	SHA-256: 86b6a54ab98b45edb7db25b2ba7dadb55ad37764ece8d3601123534a9fe82ad4
ansible-test-2.9.4-1.el8ae.noarch.rpm	SHA-256: 90822416e49794c74133006701b61d8b17e6182e0d6f052ddfe13e200734d954
aarch64
ansible-2.9.4-1.el8ae.noarch.rpm	SHA-256: 86b6a54ab98b45edb7db25b2ba7dadb55ad37764ece8d3601123534a9fe82ad4
ansible-test-2.9.4-1.el8ae.noarch.rpm	SHA-256: 90822416e49794c74133006701b61d8b17e6182e0d6f052ddfe13e200734d954

Red Hat Ansible Engine 2.9 for RHEL 7

SRPM
ansible-2.9.4-1.el7ae.src.rpm	SHA-256: cb5e6436272031ad9ac7a22fb30af91a0c02444965ca5d8f5a70c4dc4a16a739
x86_64
ansible-2.9.4-1.el7ae.noarch.rpm	SHA-256: 9ac13cb7d5053126d00c4f4393f89ab6b829959183657285d122de1961a4673a
ansible-test-2.9.4-1.el7ae.noarch.rpm	SHA-256: f6afbfa02fc65cf0e3558b7988826f62c2b13cf3b4a703d6d117ec8ee045a0e2
s390x
ansible-2.9.4-1.el7ae.noarch.rpm	SHA-256: 9ac13cb7d5053126d00c4f4393f89ab6b829959183657285d122de1961a4673a
ansible-test-2.9.4-1.el7ae.noarch.rpm	SHA-256: f6afbfa02fc65cf0e3558b7988826f62c2b13cf3b4a703d6d117ec8ee045a0e2
ppc64le
ansible-2.9.4-1.el7ae.noarch.rpm	SHA-256: 9ac13cb7d5053126d00c4f4393f89ab6b829959183657285d122de1961a4673a
ansible-2.9.4-1.el7ae.noarch.rpm	SHA-256: 9ac13cb7d5053126d00c4f4393f89ab6b829959183657285d122de1961a4673a
ansible-test-2.9.4-1.el7ae.noarch.rpm	SHA-256: f6afbfa02fc65cf0e3558b7988826f62c2b13cf3b4a703d6d117ec8ee045a0e2
ansible-test-2.9.4-1.el7ae.noarch.rpm	SHA-256: f6afbfa02fc65cf0e3558b7988826f62c2b13cf3b4a703d6d117ec8ee045a0e2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation