Ubuntu Security Notice USN-6846-2

Ubuntu Security Notice 6846-2 - USN-6846-1 fixed vulnerabilities in ansible. The update introduced a regression in ansible. This update fixes the problem. It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6846-2
December 02, 2024

ansible regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-6846-1 caused some regression in ansible.

Software Description:
- ansible: Configuration management, deployment, and task execution system

Details:

USN-6846-1 fixed vulnerabilities in ansible. The update introduced a
regression in ansible. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that Ansible incorrectly handled certain inputs when using
 tower_callback parameter. If a user or an automated system were tricked into
 opening a specially crafted input file, a remote attacker could possibly use
 this issue to obtain sensitive information. This issue only affected Ubuntu
 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3697)

 It was discovered that Ansible incorrectly handled certain inputs. If a user
 or an automated system were tricked into opening a specially crafted input
 file, a remote attacker could possibly use this issue to perform a Template
 Injection. (CVE-2023-5764)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  ansible                         2.5.1+dfsg-1ubuntu0.1+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  ansible                         2.0.0.2-2ubuntu1.3+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6846-2
  https://ubuntu.com/security/notices/USN-6846-1
  https://launchpad.net/bugs/2073569
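To confirm that a host actually carries the fixed package, compare its installed ansible version against the versions in the update instructions above. The following is an added example, not part of the advisory: it reimplements the Debian version ordering rules in Python so the check can run over an exported package inventory, and the function names are this example's own. On the host itself, `dpkg --compare-versions` is the authoritative comparison.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the "Update instructions" of USN-6846-2.
FIXED = {
    "18.04": "2.5.1+dfsg-1ubuntu0.1+esm3",
    "16.04": "2.0.0.2-2ubuntu1.3+esm3",
}

def _weights(run):
    # Ordering inside a non-digit run: '~' sorts before everything
    # (even end of string), letters next, all other characters last.
    return [-1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256 for c in run]

def _cmp_part(a, b):
    # Walk alternating (non-digit run, digit run) pairs of both strings.
    pa = re.findall(r"([^0-9]*)([0-9]*)", a)
    pb = re.findall(r"([^0-9]*)([0-9]*)", b)
    for (na, da), (nb, db) in zip_longest(pa, pb, fillvalue=("", "")):
        wa, wb = _weights(na), _weights(nb)
        width = max(len(wa), len(wb))
        wa += [0] * (width - len(wa))  # end of run weighs 0
        wb += [0] * (width - len(wb))
        if wa != wb:
            return -1 if wa < wb else 1
        ia, ib = int(da or 0), int(db or 0)  # digit runs compare numerically
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]: epoch ends at the first ':',
    # revision starts at the last '-'.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 as a sorts before, equal to, or after b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if `installed` is at or above the USN-6846-2 version for `release`."""
    if release not in FIXED:
        raise ValueError(f"USN-6846-2 lists no package for Ubuntu {release}")
    return compare_versions(installed, FIXED[release]) >= 0
```

The installed version string to feed in is what `dpkg-query -W -f='${Version}' ansible` prints on the host.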

Related news

Ubuntu Security Notice USN-6846-1

Ubuntu Security Notice 6846-1 - It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that Ansible incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a Template Injection.

CVE-2023-5764: cve-details

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.

CVE-2022-3697: ec2_instance - validate options on tower_callback by tremble · Pull Request #1199 · ansible-collections/amazon.aws

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
