openSUSE has issued an advisory on December 3: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2Y6RFLPB54N7XR7AP7A2DEXGLBEDEQJU/
Source RPM: (none) => python-ansible-core-2.17.3-1.mga10.src.rpm, python-ansible-core-2.14.17-1.1.mga9.src.rpmSummary: python-ansible-core new security issues CVE-2024-8775 and CVE-2024-9902 => python-ansible-core new security issues CVE-2024-8775, CVE-2024-9902 and CVE-2024-11079Whiteboard: (none) => MGA9TOOCVE: (none) => CVE-2024-8775, CVE-2024-9902, CVE-2024-11079Status comment: (none) => Fixed upstream in 2.17.7 and 2.14.18 (only CVE-2024-8775)
M9 currently at python3-ansible-core Version : 2.14.17 Cauldron: version 2.17.3 Assigning to Python maintainers.
Assignee: bugsquad => python
Fixed in Cauldron.
Source RPM: python-ansible-core-2.17.3-1.mga10.src.rpm, python-ansible-core-2.14.17-1.1.mga9.src.rpm => python-ansible-core-2.14.17-1.1.mga9.src.rpmWhiteboard: MGA9TOO => (none)Version: Cauldron => 9
Suggested advisory: ======================== The updated package fixes security vulnerabilities: Exposure of sensitive information in ansible vault files due to improper logging. (CVE-2024-8775) Ansible-core user may read/write unauthorized content. (CVE-2024-9902) Unsafe tagging bypass via hostvars object in ansible-core. (CVE-2024-11079) References: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2Y6RFLPB54N7XR7AP7A2DEXGLBEDEQJU/ ======================== Updated package in core/updates_testing: ======================== python3-ansible-core-2.14.18-1.mga9 from SRPM: python-ansible-core-2.14.18-1.mga9.src.rpm
Status: NEW => ASSIGNEDAssignee: python => qa-bugsStatus comment: Fixed upstream in 2.17.7 and 2.14.18 (only CVE-2024-8775) => (none)
Keywords: (none) => advisory
RH x86_64 installing python3-ansible-core-2.14.18-1.mga9.noarch.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/1: python3-ansible-core ################################################################################################## 1/1: removing python3-ansible-core-2.14.17-1.1.mga9.noarch ################################################################################################## writing /var/lib/rpm/installed-through-deps.list ansible-lint depend on this so I test if still works as in bug#32419 comment#25 ansible-lint check_backend.yml WARNING Listing 1 violation(s) that are fatal load-failure[runtimeerror]: Failed to load YAML file check_backend.yml:1 while parsing a quoted scalar in "<unicode string>", line 156, column 15 found unknown escape character in "<unicode string>", line 156, column 73 Rule Violation Summary count tag profile rule associated tags 1 load-failure[runtimeerror] min core, unskippable Failed: 1 failure(s), 0 warning(s) on 1 files. A new release of ansible-lint is available: 6.21.1 → 25.1.2 Looks consistent with the expected output
CC: (none) => andrewsfarmWhiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0052.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED