—

PYSEC-2018-43

상세

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / ansible

최초 영향 버전: 2.5 수정 버전: 2.5.6

수정 pip install --upgrade 'ansible>=2.5.6'

참고

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875 [REPORT]
https://access.redhat.com/errata/RHSA-2018:2166 [ADVISORY]
https://access.redhat.com/errata/RHSA-2018:2152 [ADVISORY]
https://access.redhat.com/errata/RHSA-2018:2151 [ADVISORY]
https://access.redhat.com/errata/RHSA-2018:2150 [ADVISORY]
https://access.redhat.com/errata/RHSA-2018:2321 [ADVISORY]
http://www.securitytracker.com/id/1041396 [WEB]
https://access.redhat.com/errata/RHSA-2018:2585 [ADVISORY]
https://access.redhat.com/errata/RHBA-2018:3788 [ADVISORY]
https://access.redhat.com/errata/RHSA-2019:0054 [ADVISORY]
https://www.debian.org/security/2019/dsa-4396 [ADVISORY]
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html [WEB]
https://usn.ubuntu.com/4072-1/ [WEB]
https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html [WEB]