ALT-BU-2024-3702-1
Branch c10f1 update bulletin.
Closed bugs
apt_rpm не обновляет пакеты
Package ansible-core updated to version 2.15.9-alt0.p10.1 for branch c10f1 in task 342058.
Closed vulnerabilities
BDU:2023-07854
Уязвимость системы управления конфигурациями Ansible, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код
BDU:2024-01561
Уязвимость компонента ansible-core системы управления конфигурациями Red Hat Ansible, позволяющая нарушителю раскрыть защищаемую информацию
Modified: 2024-11-21
CVE-2023-5764
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
- RHSA-2023:7773
- RHSA-2023:7773
- https://access.redhat.com/security/cve/CVE-2023-5764
- https://access.redhat.com/security/cve/CVE-2023-5764
- RHBZ#2247629
- RHBZ#2247629
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/
- https://security.netapp.com/advisory/ntap-20241025-0001/
Modified: 2025-01-17
CVE-2024-0690
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
- RHSA-2024:0733
- RHSA-2024:0733
- RHSA-2024:2246
- RHSA-2024:2246
- RHSA-2024:3043
- RHSA-2024:3043
- https://access.redhat.com/security/cve/CVE-2024-0690
- https://access.redhat.com/security/cve/CVE-2024-0690
- RHBZ#2259013
- RHBZ#2259013
- https://github.com/ansible/ansible/pull/82565
- https://github.com/ansible/ansible/pull/82565
- https://security.netapp.com/advisory/ntap-20250117-0001/
Closed bugs
apt_rpm не обновляет пакеты