ALT-BU-2022-3872-1
Branch p9 update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
- https://bugzilla.redhat.com/show_bug.cgi?id=1975767
- https://bugzilla.redhat.com/show_bug.cgi?id=1975767
- https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
- https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
- https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
- https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
- https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
- https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
Closed bugs
При наличии perl-Package ansible модуль package пытается использовать pkg5
Closed vulnerabilities
BDU:2022-05563
Уязвимость реализации модуля WebSocket сервера для Jabber/XMPP Prosody, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-0217
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).
- https://bugzilla.redhat.com/show_bug.cgi?id=2040639
- https://bugzilla.redhat.com/show_bug.cgi?id=2040639
- https://prosody.im/security/advisory_20220113/
- https://prosody.im/security/advisory_20220113/
- https://prosody.im/security/advisory_20220113/1.patch
- https://prosody.im/security/advisory_20220113/1.patch