ALT Linux Team

Package ansible update in t7 on 2015-07-03

ALT-PU-2015-1590-1

Package ansible updated to version 1.9.2-alt0.M70P.1 for branch t7 in task 146064.

Closed vulnerabilities

Published: 2015-08-12
Modified: 2025-04-12

CVE-2015-3908

Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
References:
Published: 2017-06-07
Modified: 2025-04-20

CVE-2015-6240

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #30995

Обновить версию

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top