Red Hat Product Errata RHSA-2021:0664 - Security Advisory

Issued:: 2021-02-24
Updated:: 2021-02-24

RHSA-2021:0664 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: Ansible security and bug fix update (2.9.18)

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for ansible is now available for Ansible Engine 2.9

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Ansible is a simple model-driven configuration management, multi-node
deployment, and remote-task execution system. Ansible works over SSH and
does not require any software or daemons to be installed on remote nodes.
Extension modules can be written in any language and are transferred to
managed machines automatically.

The following packages have been upgraded to a newer upstream version:
ansible (2.9.18)

Bug Fix(es):

CVE-2021-20178 ansible: user data leak in snmp_facts module
CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes

secured values

CVE-2021-20191 ansible: multiple collections exposes secured values
CVE-2021-20228 ansible: basic.py no_log with fallback option

See:
https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst for details on bug fixes in this release.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Ansible Engine 2.9 for RHEL 8 x86_64
Red Hat Ansible Engine 2.9 for RHEL 8 s390x
Red Hat Ansible Engine 2.9 for RHEL 8 ppc64le
Red Hat Ansible Engine 2.9 for RHEL 8 aarch64
Red Hat Ansible Engine 2.9 for RHEL 7 x86_64
Red Hat Ansible Engine 2.9 for RHEL 7 s390x
Red Hat Ansible Engine 2.9 for RHEL 7 ppc64le

Fixes

BZ - 1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module
BZ - 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values
BZ - 1916813 - CVE-2021-20191 ansible: multiple collections exposes secured values
BZ - 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Ansible Engine 2.9 for RHEL 8

SRPM
ansible-2.9.18-1.el8ae.src.rpm	SHA-256: cf4e8b6cbe204b00511f1438ff0698eabfad421662ccf4019ce726729c2a1389
x86_64
ansible-2.9.18-1.el8ae.noarch.rpm	SHA-256: 922bbf13a3607a805e9ac234ce098b6fe64ca997fb17b843617bf73974cd2a69
ansible-test-2.9.18-1.el8ae.noarch.rpm	SHA-256: 82891e5cb5dc756fa6fb3ac588efdc99bf7abe612b1880fa3d849ab14949bafd
s390x
ansible-2.9.18-1.el8ae.noarch.rpm	SHA-256: 922bbf13a3607a805e9ac234ce098b6fe64ca997fb17b843617bf73974cd2a69
ansible-test-2.9.18-1.el8ae.noarch.rpm	SHA-256: 82891e5cb5dc756fa6fb3ac588efdc99bf7abe612b1880fa3d849ab14949bafd
ppc64le
ansible-2.9.18-1.el8ae.noarch.rpm	SHA-256: 922bbf13a3607a805e9ac234ce098b6fe64ca997fb17b843617bf73974cd2a69
ansible-test-2.9.18-1.el8ae.noarch.rpm	SHA-256: 82891e5cb5dc756fa6fb3ac588efdc99bf7abe612b1880fa3d849ab14949bafd
aarch64
ansible-2.9.18-1.el8ae.noarch.rpm	SHA-256: 922bbf13a3607a805e9ac234ce098b6fe64ca997fb17b843617bf73974cd2a69
ansible-test-2.9.18-1.el8ae.noarch.rpm	SHA-256: 82891e5cb5dc756fa6fb3ac588efdc99bf7abe612b1880fa3d849ab14949bafd

Red Hat Ansible Engine 2.9 for RHEL 7

SRPM
ansible-2.9.18-1.el7ae.src.rpm	SHA-256: 64c2f36c5bfef783c7f50aec086b9e950a687a43c57b58dd5f9781a762269c74
x86_64
ansible-2.9.18-1.el7ae.noarch.rpm	SHA-256: 25cae8e063252ebda420ee51253890ef6bbcf1be3ee6fe3238d8a96dd84a6c9c
ansible-test-2.9.18-1.el7ae.noarch.rpm	SHA-256: 6093cab3ff8271872b8bf65ff443ccc948fe6ad80e8a69720638e0a131d7e83c
s390x
ansible-2.9.18-1.el7ae.noarch.rpm	SHA-256: 25cae8e063252ebda420ee51253890ef6bbcf1be3ee6fe3238d8a96dd84a6c9c
ansible-test-2.9.18-1.el7ae.noarch.rpm	SHA-256: 6093cab3ff8271872b8bf65ff443ccc948fe6ad80e8a69720638e0a131d7e83c
ppc64le
ansible-2.9.18-1.el7ae.noarch.rpm	SHA-256: 25cae8e063252ebda420ee51253890ef6bbcf1be3ee6fe3238d8a96dd84a6c9c
ansible-2.9.18-1.el7ae.noarch.rpm	SHA-256: 25cae8e063252ebda420ee51253890ef6bbcf1be3ee6fe3238d8a96dd84a6c9c
ansible-test-2.9.18-1.el7ae.noarch.rpm	SHA-256: 6093cab3ff8271872b8bf65ff443ccc948fe6ad80e8a69720638e0a131d7e83c
ansible-test-2.9.18-1.el7ae.noarch.rpm	SHA-256: 6093cab3ff8271872b8bf65ff443ccc948fe6ad80e8a69720638e0a131d7e83c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories