Detections
Analytics

openSUSE Security Update : ansible (openSUSE-2019-1635)

high Nessus Plugin ID 126326

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for ansible fixes the following issues :

Ansible was updated to version 2.8.1 :

Full changelog is at /usr/share/doc/packages/ansible/changelogs/

 - Bugfixes

 - ACI - DO not encode query_string

 - ACI modules - Fix non-signature authentication

 - Add missing directory provided via ``--playbook-dir`` to adjacent collection loading

 - Fix 'Interface not found' errors when using eos_l2_interface with non-existent interfaces configured

 - Fix cannot get credential when `source_auth` set to `credential_file`.

 - Fix netconf_config backup string issue

 - Fix privilege escalation support for the docker connection plugin when credentials need to be supplied (e.g. sudo with password).

 - Fix vyos cli prompt inspection

 - Fixed loading namespaced documentation fragments from collections.

 - Fixing bug came up after running cnos_vrf module against coverity.

 - Properly handle data importer failures on PVC creation, instead of timing out.

 - To fix the ios static route TC failure in CI

 - To fix the nios member module params

 - To fix the nios_zone module idempotency failure

 - add terminal initial prompt for initial connection

 - allow include_role to work with ansible command

 - allow python_requirements_facts to report on dependencies containing dashes

 - asa_config fix

 - azure_rm_roledefinition - fix a small error in build scope.

 - azure_rm_virtualnetworkpeering - fix cross subscriptions virtual network peering.

 - cgroup_perf_recap - When not using file_per_task, make sure we don't prematurely close the perf files

 - display underlying error when reporting an invalid ``tasks:`` block.

 - dnf - fix wildcard matching for state: absent

 - docker connection plugin - accept version ``dev`` as 'newest version' and print warning.

 - docker_container - ``oom_killer`` and ``oom_score_adj`` options are available since docker-py 1.8.0, not 2.0.0 as assumed by the version check.

 - docker_container - fix network creation when ``networks_cli_compatible`` is enabled.

 - docker_container - use docker API's ``restart`` instead of ``stop``/``start`` to restart a container.

 - docker_image - if ``build`` was not specified, the wrong default for ``build.rm`` is used.

 - docker_image - if ``nocache`` set to ``yes`` but not ``build.nocache``, the module failed.

 - docker_image - module failed when ``source: build`` was set but ``build.path`` options not specified.

 - docker_network module - fix idempotency when using ``aux_addresses`` in ``ipam_config``.

 - ec2_instance - make Name tag idempotent

 - eos: don't fail modules without become set, instead show message and continue

 - eos_config: check for session support when asked to 'diff_against: session'

 - eos_eapi: fix idempotency issues when vrf was unspecified.

 - fix bugs for ce - more info see

 - fix incorrect uses of to_native that should be to_text instead.

 - hcloud_volume - Fix idempotency when attaching a server to a volume.

 - ibm_storage - Added a check for null fields in ibm_storage utils module.

 - include_tasks - whitelist ``listen`` as a valid keyword

 - k8s - resource updates applied with force work correctly now

 - keep results subset also when not no_log.

 - meraki_switchport - improve reliability with native VLAN functionality.

 - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and clearing functionality

 - netapp_e_volumes - fix workload profileId indexing when no previous workload tags exist on the storage array.

 - nxos_acl some platforms/versions raise when no ACLs are present

 - nxos_facts fix <https://github.com/ansible/ansible/pull/57009>

 - nxos_file_copy fix passwordless workflow

 - nxos_interface Fix admin_state check for n6k

 - nxos_snmp_traps fix group all for N35 platforms

 - nxos_snmp_user fix platform fixes for get_snmp_user

 - nxos_vlan mode idempotence bug

 - nxos_vlan vlan names containing regex ctl chars should be escaped

 - nxos_vtp_* modules fix n6k issues

 - openssl_certificate - fix private key passphrase handling for ``cryptography`` backend.

 - openssl_pkcs12 - fixes crash when private key has a passphrase and the module is run a second time.

 - os_stack - Apply tags conditionally so that the module does not throw up an error when using an older distro of openstacksdk

 - pass correct loading context to persistent connections other than local

 - pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux

 - postgresql - added initial SSL related tests

 - postgresql - added missing_required_libs, removed excess param mapping

 - postgresql - move connect_to_db and get_pg_version into module_utils/postgres.py (https://github.com/ansible/ansible/pull/55514)

 - postgresql_db - add note to the documentation about state dump and the incorrect rc (https://github.com/ansible/ansible/pull/57297)

 - postgresql_db - fix for postgresql_db fails if stderr contains output

 - postgresql_ping - fixed a typo in the module documentation

 - preserve actual ssh error when we cannot connect.

 - route53_facts - the module did not advertise check mode support, causing it not to be run in check mode.

 - sysctl: the module now also checks the output of STDERR to report if values are correctly set (https://github.com/ansible/ansible/pull/55695)

 - ufw - correctly check status when logging is off

 - uri - always return a value for status even during failure

 - urls - Handle redirects properly for IPv6 address by not splitting on ``:`` and rely on already parsed hostname and port values

 - vmware_vm_facts - fix the support with regular ESXi

 - vyos_interface fix <https://github.com/ansible/ansible/pull/57169>

 - we don't really need to template vars on definition as we do this on demand in templating.

 - win_acl - Fix qualifier parser when using UNC paths -

 - win_hostname - Fix non netbios compliant name handling

 - winrm - Fix issue when attempting to parse CLIXML on send input failure

 - xenserver_guest - fixed an issue where VM whould be powered off even though check mode is used if reconfiguration requires VM to be powered off.

 - xenserver_guest - proper error message is shown when maximum number of network interfaces is reached and multiple network interfaces are added at once.

 - yum - Fix false error message about autoremove not being supported

 - yum - fix failure when using ``update_cache`` standalone

 - yum - handle special '_none_' value for proxy in yum.conf and .repo files

Update to version 2.8.0

Major changes :

 - Experimental support for Ansible Collections and content namespacing - Ansible content can now be packaged in a collection and addressed via namespaces. This allows for easier sharing, distribution, and installation of bundled modules/roles/plugins, and consistent rules for accessing specific content via namespaces.

 - Python interpreter discovery - The first time a Python module runs on a target, Ansible will attempt to discover the proper default Python interpreter to use for the target platform/version (instead of immediately defaulting to /usr/bin/python). You can override this behavior by setting ansible_python_interpreter or via config. (see https://github.com/ansible/ansible/pull/50163)

 - become - The deprecated CLI arguments for --sudo,
 --sudo-user,

 --ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed, in favor of the more generic --become,
 --become-user, --become-method, and

 --ask-become-pass.

 - become - become functionality has been migrated to a plugin architecture, to allow customization of become functionality and 3rd party become methods (https://github.com/ansible/ansible/pull/50991)

 - addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837

For the full changelog see /usr/share/doc/packages/ansible/changelogs or online:
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELO G-v2.8.rst

Solution

Update the affected ansible package.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1109957

https://bugzilla.opensuse.org/show_bug.cgi?id=1112959

https://bugzilla.opensuse.org/show_bug.cgi?id=1118896

https://bugzilla.opensuse.org/show_bug.cgi?id=1126503

http://www.nessus.org/u?038dc6b5

https://github.com/ansible/ansible/pull/50163

https://github.com/ansible/ansible/pull/50991

https://github.com/ansible/ansible/pull/55514

https://github.com/ansible/ansible/pull/55695

https://github.com/ansible/ansible/pull/57009

https://github.com/ansible/ansible/pull/57169

https://github.com/ansible/ansible/pull/57297

Plugin Details

Severity: High

ID: 126326

File Name: openSUSE-2019-1635.nasl

Version: 1.8

Type: local

Agent: unix

Published: 6/28/2019

Updated: 5/14/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2018-16876

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2018-16837

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ansible, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/27/2019

Vulnerability Publication Date: 10/23/2018

Reference Information

CVE: CVE-2018-16837, CVE-2018-16859, CVE-2018-16876, CVE-2019-3828