mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-22 21:50:55 +00:00
Code Issues Wiki Activity

ansible_2_7: 2.7.11 -> 2.7.15

Browse source 
This fixes the following security issues:
  * Ansible: Splunk and Sumologic callback plugins leak sensitive data
    in logs (CVE-2019-14864)
  * CVE-2019-14846 - Several Ansible plugins could disclose aws
    credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
    lookup/aws_account_attribute.py, and lookup/aws_secret.py,
    lookup/aws_ssm.py use the boto3 library from the Ansible process. The
    boto3 library logs credentials at log level DEBUG. If Ansible's
    logging was enabled (by setting LOG_PATH to a value) Ansible would set
    the global log level to DEBUG. This was inherited by boto and would
    then log boto credentials to the file specified by LOG_PATH. This did
    not affect aws ansible modules as those are executed in a separate
    process. This has been fixed by switching to log level INFO
  * Convert CLI provided passwords to text initially, to prevent unsafe
    context being lost when converting from bytes->text during post
    processing of PlayContext. This prevents CLI provided passwords from
    being incorrectly templated (CVE-2019-14856)
  * properly hide parameters marked with no_log in suboptions when invalid
    parameters are passed to the module (CVE-2019-14858)
  * resolves CVE-2019-10206, by avoiding templating passwords from
    prompt as it is probable they have special characters.
  * Handle improper variable substitution that was happening in
    safe_eval, it was always meant to just do 'type enforcement' and have
    Jinja2 deal with all variable interpolation. Also see CVE-2019-10156

Changelog: 0623dedf2d/changelogs/CHANGELOG-v2.7.rst (v2-7-15)
This commit is contained in:
Andreas Rammhold 2019-12-15 21:12:20 +01:00
parent eb2d272efd
commit 64e2791092
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkgs/tools/admin/ansible/default.nix
View file

@ -7,11 +7,11 @@
ansible_2_7 = with python3Packages; toPythonApplication (ansible.overridePythonAttrs(old: rec {
pname = "ansible";
version = "2.7.11";
version = "2.7.15";
src = fetchurl {
url = "https://releases.ansible.com/ansible/${pname}-${version}.tar.gz";
sha256 = "0zipzm9al6k74h88b6zkddpcbxqs4cms7lidid6wn1vx3d3dxrp7";
sha256 = "1kjqr35c11njyi3f2rjab6821bhqcrdykv4285q76gwv0qynigwr";
};
}));