|
|
Subscribe / Log in / New account

ansible: two vulnerabilities

Package(s):ansible CVE #(s):CVE-2015-3908
Created:July 6, 2015 Updated:August 31, 2015
Description: From the Fedora advisory:

Update to 1.9.2. Fixes CVE-2015-3908 (hostname and cert matching in some modules and plugins) and another not yet issued CVE on chroot/jail/zone connection plugins as well as a number of bugfixes.

A bit more information can be found on the Ansible security page:

CVE-2015-3908 - Ensure that hostnames match certificate names when using HTTPS - resolved in Ansible 1.9.2

Number pending - Improprer symlink handling in zone, jail, and chroot connection plugins could lead to escape from confined environment - resolved in Ansible 1.9.2

Alerts:
Mageia MGASA-2015-0292 ansible 2015-07-28
openSUSE openSUSE-SU-2015:1280-1 ansible 2015-07-22
openSUSE openSUSE-SU-2015:1452-1 ansible 2015-08-28
Fedora FEDORA-2015-10807 ansible 2015-07-05
Fedora FEDORA-2015-10797 ansible 2015-07-05
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds