Branch p7 update bulletin.

Package ansible updated to version 1.5.4-alt0.M70P.1 for branch p7 in task 118439.

Published: 2020-01-09
Modified: 2024-11-21

CVE-2014-2686

Ansible prior to 1.5.4 mishandles the evaluation of some strings.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

https://groups.google.com/forum/#%21searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ
https://groups.google.com/forum/#%21searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ

Published: 2020-02-20
Modified: 2024-11-21

CVE-2014-4657

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
68232
68232

v1.5.0

Version: 2.1.0

Branch p7 update on 2014-04-19

ALT-BU-2014-2721-1

ALT-PU-2014-1508-1

Closed vulnerabilities

CVE-2014-2686

CVE-2014-4657

Closed bugs

Bug #29865