-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 08 Nov 2024 20:26:18 +0000
Source: ansible
Architecture: source
Version: 2.10.7+merged+base+2.10.17+dfsg-0+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1082851
Changes:
ansible (2.10.7+merged+base+2.10.17+dfsg-0+deb11u2) bullseye-security; urgency=high
.
* Non Maintainer Upload by the LTS team.
* Fix CVE-2024-8775:
A flaw was found in Ansible, where sensitive information stored in
Ansible Vault files can be exposed in plaintext during the execution
of a playbook. This occurs when using tasks such as include_vars to
load vaulted variables without setting the no_log: true parameter,
resulting in sensitive data being printed in the playbook output or
logs. This can lead to the unintentional disclosure of secrets like
passwords or API keys, compromising security and potentially allowing
unauthorized access or actions.
(Closes: #1082851)
* Fix CVE-2024-9902: A flaw was found in Ansible.
The ansible-core `user` module can allow an
unprivileged user to silently create or replace
the contents of any file on any system path
and take ownership of it when a privileged user
executes the `user` module against the unprivileged
user's home directory. If the unprivileged user
has traversal permissions on the directory containing
the exploited target file, they retain full control
over the contents of the file as its owner.
* Disable incidental_lvg test that always failed and was
disable on bookworm and later.
Checksums-Sha1:
66d216e93416209c989e297006500713752ced43 2823 ansible_2.10.7+merged+base+2.10.17+dfsg-0+deb11u2.dsc
3d0c7ed8ad104c4df37386823da0b3fa81a7eace 20731960 ansible_2.10.7+merged+base+2.10.17+dfsg.orig.tar.xz
87e9b85b76871efe20d1d47903e2bd15c78cf0bb 57480 ansible_2.10.7+merged+base+2.10.17+dfsg-0+deb11u2.debian.tar.xz
9f4c71d7a514999ef2fcbd606e7b25724876aa5f 7391 ansible_2.10.7+merged+base+2.10.17+dfsg-0+deb11u2_amd64.buildinfo
Checksums-Sha256:
d7e03a0045c142163ec094ab67204513bb605c126fefb9e9e7dde8c415b135d4 2823 ansible_2.10.7+merged+base+2.10.17+dfsg-0+deb11u2.dsc
0c49275be642143d971ec802ebb192de1e0ad1a7ca07511103ae905f9b67f5b5 20731960 ansible_2.10.7+merged+base+2.10.17+dfsg.orig.tar.xz
9954a76548661147fcd1e7394c26a53a80b4461122700844f2caea6c01d964cc 57480 ansible_2.10.7+merged+base+2.10.17+dfsg-0+deb11u2.debian.tar.xz
7d2d0aea1bf4f64b50e40581ae8e115349566bff6ec0a78baee2b6d2273c8492 7391 ansible_2.10.7+merged+base+2.10.17+dfsg-0+deb11u2_amd64.buildinfo
Files:
6c80c2538b09d313f4623b215c098b2f 2823 admin optional ansible_2.10.7+merged+base+2.10.17+dfsg-0+deb11u2.dsc
bdf0596a969c2416fc71784f0dc16e04 20731960 admin optional ansible_2.10.7+merged+base+2.10.17+dfsg.orig.tar.xz
23a0960b6e4b39a6c318336682ab49d0 57480 admin optional ansible_2.10.7+merged+base+2.10.17+dfsg-0+deb11u2.debian.tar.xz
30e0a1f52380d637fe9a65ed93ed245c 7391 admin optional ansible_2.10.7+merged+base+2.10.17+dfsg-0+deb11u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmdCTgARHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF83LQ//eL038K2wpzgJtCiz0T85zcD/FruVwlu7
t1ZR5FWuYHLThz8/5OMOZPL4K/urEY5GwxnYASEwogBMvJOAiCZnM6fpE0o7EtiB
iM9+8luC0zpAKQva95CNmZBF5mAxBB7NVKvGueeu/Ti1wudqdeEvSPMuWLoGIEsI
iLGZtqvwEbR+7bJps16XpfPXrMP6bqHQRjQemNQfs3YMv7NHDrFkpHZI4Rv9ZAY8
FBUbEw00lrin4n9sRZbHnNu7tdh+sbUrPXfD1ljmIKY8+kQmFqzV8a529w2+bvBF
ozX8rpG2qpgBW9CWkX2wRs2F1HWRlKSyTX7Nmc3r6Zq2SBWirSyY18l4WgZcenSt
shZjeKFL3qQ4WpGiAVgR/qb0bXWvKqSP1IK3yzC8uq9Zm12BPJgVWhFFxWmukXYT
q00KWnQuPGv9esjy7MQBKTXlX6ewAsUFNNecXDMo3RucFHfpOyUCurD6AoEmg1NN
y/wpmEzJBI7UTKnKZMLGd2iTSJdK1prAWdBsUH37CLt6Bs3+8XlofyMF/W07Aorw
oY2JMSFWSY0ZRx+pcFPkoR1al0V8vngs3I6uBLkf93a89r7em3Ihy5diKScoVQ6G
wrxJ3+rs7l1i6YTNvYE3PZEr6o6NwXaZsBhqZaiY8VbIlGy3+8rnLmKSvLQTSZVu
mV5X9rCjL28=
=6c/m
-----END PGP SIGNATURE-----
Attachment:
pgpCT0hIpF1q0.pgp
Description: PGP signature