Fedora has issued an advisory today (June 24): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ILGCAZWUN7RSPO3IEB46IIDRMCI3ALP3/ The issue is fixed upstream in 2.4.5 and 2.5.5. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Cauldron updated with 2.5.5
Status: NEW => ASSIGNED
MGA6 testing_updates updated with 2.4.5.0.
MGA5 testing_updates updated with 2.4.5.0.
Assignee: bruno => qa-bugsWhiteboard: MGA6TOO => MGA6TOO, MGA5TOO
Advisory: ======================== Updated ansible package fixes security vulnerability: Ansible prior to 2.4.5 does not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible (CVE-2018-10855). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855 https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ILGCAZWUN7RSPO3IEB46IIDRMCI3ALP3/ ======================== Updated packages in core/updates_testing: ======================== ansible-2.4.5.0-1.1.mga5 ansible-2.4.5.0-1.1.mga6 from SRPMS: ansible-2.4.5.0-1.1.mga5.src.rpm ansible-2.4.5.0-1.1.mga6.src.rpm
Version: Cauldron => 6Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
MGA5-32 on Dell Latitude D600 Xfce No installation issues Ref to my test in bug Comment 10. Created hosts file containing one remote IP address at CLI: $ ansible -i hosts -vvvv -u <remote user> all -m ping skipping lots of feedback the result: 192.168.2.1 | SUCCESS => { "changed": false, "failed": false, "invocation": { "module_args": { "data": "pong" } }, "ping": "pong" } Looks good
CC: (none) => herman.viaeneWhiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
that is bug 19740 comment 10
MGA6-32 on IBM Thinkpad R50e MATE no installation issues. Same test and same result as comment 5 above.OK.
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-32-OK
Advisory committed to svn. Validating the update.
Keywords: (none) => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0303.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED