USN-6846-2: Ansible regression

2 December 2024

USN-6846-1 introduced a regression in ansible.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • ansible - Configuration management, deployment, and task execution system

Details

USN-6846-1 fixed vulnerabilities in ansible. The update introduced a
regression in ansible. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Ansible incorrectly handled certain inputs when
using the tower_callback parameter. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker
could possibly use this issue to obtain sensitive information. This issue
only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2022-3697)

It was discovered that Ansible incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform a
Template Injection. (CVE-2023-5764)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.