SUSE-SU-2017:3029-1: moderate: Security update for ansible and monasca-installer
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Nov 17 10:07:29 MST 2017
SUSE Security Update: Security update for ansible and monasca-installer
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:3029-1
Rating: moderate
References: #1019021 #1038785 #1056094
Cross-References: CVE-2016-9587 CVE-2017-7466 CVE-2017-7481
Affected Products:
SUSE OpenStack Cloud 7
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for ansible provides version 2.2.3.0 and fixes the following
security issues:
- CVE-2017-7481: Data for lookup plugins used as variables was not being
marked as "unsafe" and could lead to unintentional disclosure of
information. (bsc#1038785)
- CVE-2016-9587: Prevent compromised host to execute commands on the
controller (bsc#1019021).
- CVE-2017-7466: Prevent arbitrary code execution on control nodes.
For more information about the upstream bugs fixed, please see
/usr/share/doc/packages/ansible/CHANGELOG.md
Additionally, monasca-installer received several compatibility fixes for
ansible.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1793=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 7 (noarch):
ansible-2.2.3.0-5.1
monasca-installer-20170912_10.45-5.1
References:
https://www.suse.com/security/cve/CVE-2016-9587.html
https://www.suse.com/security/cve/CVE-2017-7466.html
https://www.suse.com/security/cve/CVE-2017-7481.html
https://bugzilla.suse.com/1019021
https://bugzilla.suse.com/1038785
https://bugzilla.suse.com/1056094
More information about the sle-security-updates
mailing list