Red Hat Security Advisory 2024-2246-03 - An update for ansible-core is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.
c5dca5b738b2cb8bfadedefd70f237fb88babfac668956379fab60ea06f4ea3c
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2246.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: ansible-core bug fix, enhancement, and security update
Advisory ID: RHSA-2024:2246-03
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2024:2246
Issue date: 2024-04-30
Revision: 03
CVE Names: CVE-2024-0690
====================================================================
Summary:
An update for ansible-core is now available for Red Hat Enterprise Linux 9.
'Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
Security Fix(es):
* ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration (CVE-2024-0690)
Bug Fix(es):
* Update ansible-core to 2.14.14 (JIRA:RHEL-23783)
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2024-0690
References:
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index
https://bugzilla.redhat.com/show_bug.cgi?id=2259013
https://issues.redhat.com/browse/RHEL-18950
https://issues.redhat.com/browse/RHEL-19298
https://issues.redhat.com/browse/RHEL-23783