RedHat has issued an advisory on April 30: https://lwn.net/Articles/971689/ The fix: - for Cauldron: https://github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be4532 - for Mageia 9: https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1
Source RPM: (none) => python-ansible-core-2.16.1-1.mga10.src.rpmWhiteboard: (none) => MGA9TOOStatus comment: (none) => Patches available from upstreamCVE: (none) => CVE-2024-0690
Thank you for the exact pointers to the patches. Assigning to Python (should have done this with other similar bugs); CC'ing wally who normally maintains this pkg.
CC: (none) => jani.valimaaAssignee: bugsquad => python
Cauldron updated to 2.16.5
CC: (none) => yvesbrungard
In fact, this is python-ansible-core-2.16.8-2.mga10 in cauldron For Mageia 9, I submit: SRPMS: python-ansible-core-2.14.17-1.1.mga9 RPMS: python3-ansible-core-2.14.17-1.1.mga9.noarch
Whiteboard: MGA9TOO => (none)Status comment: Patches available from upstream => (none)Version: Cauldron => 9Assignee: python => qa-bugs
Keywords: (none) => advisory
RH mageia 9 x86_64 Install current python3-ansible-core LC_ALL=C urpmi --auto --auto-update medium "QA Testing (32-bit)" is up-to-date medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing python3-ansible-core-2.14.17-1.1.mga9.noarch.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/1: python3-ansible-core ################################################################################################## 1/1: removing python3-ansible-core-2.14.2~rc1-3.mga9.noarch ################################################################################################## ansible-lint depend on this so I test if still works as in bug#32419 comment#25 ansible-lint check_backend.yml WARNING Listing 1 violation(s) that are fatal load-failure[runtimeerror]: Failed to load YAML file check_backend.yml:1 while parsing a quoted scalar in "<unicode string>", line 156, column 15 found unknown escape character in "<unicode string>", line 156, column 73 Rule Violation Summary count tag profile rule associated tags 1 load-failure[runtimeerror] min core, unskippable Failed: 1 failure(s), 0 warning(s) on 1 files. A new release of ansible-lint is available: 6.21.1 → 24.6.1 Looks consistent with the expected output
CC: (none) => andrewsfarmWhiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0239.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED