-------------------------------------------------------------------------
Debian LTS Advisory DLA-4502-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Lee Garrett
March 17, 2026                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ansible
Version        : 2.10.7+merged+base+2.10.17+dfsg-0+deb11u4
CVE ID         : CVE-2024-11079
Debian Bug     : 1088106

A flaw was found in ansible, a configuration management, deployment,
and task execution system. This vulnerability allows attackers to
bypass unsafe content protections using the hostvars object to
reference and execute templated content. This issue can lead to
arbitrary code execution if remote data or module outputs are
improperly templated within playbooks.

For Debian 11 bullseye, this problem has been fixed in version
2.10.7+merged+base+2.10.17+dfsg-0+deb11u4.

We recommend that you upgrade your ansible packages.

For the detailed security status of ansible please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ansible

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS