—

PYSEC-2020-208

상세

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / ansible

최초 영향 버전: 2.7.0 수정 버전: 2.8.0a1

수정 pip install --upgrade 'ansible>=2.8.0a1'

참고

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744 [REPORT]
https://github.com/advisories/GHSA-vp9j-rghq-8jhh [ADVISORY]