| Summary: | <dev-python/ansible-runner-2.1.0: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | python, zmedico |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | ~1 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
John Helmert III
2022-08-23 19:54:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9771b16e2bbfbf8ed9b05f47b60fd495179dfcf

commit e9771b16e2bbfbf8ed9b05f47b60fd495179dfcf
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-08-23 23:53:12 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-08-23 23:54:45 +0000

    dev-python/ansible-runner: add 2.1.0

    Bug: https://bugs.gentoo.org/866223
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 dev-python/ansible-runner/Manifest | 1 +
 .../ansible-runner/ansible-runner-2.1.0.ebuild | 40 ++++++++++++++++++++++
 2 files changed, 41 insertions(+)

Thanks! Please cleanup when ready.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c891fb6ca1b1993e2c2306f7620038b4dba3809

commit 0c891fb6ca1b1993e2c2306f7620038b4dba3809
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-08-24 15:20:10 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-08-24 15:20:15 +0000

    dev-python/ansible-runner: drop 1.4.9

    Bug: https://bugs.gentoo.org/866223
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 dev-python/ansible-runner/Manifest | 1 -
 .../ansible-runner/ansible-runner-1.4.9.ebuild | 38 ----------------------
 2 files changed, 39 deletions(-)

Thanks, all done!

CVE-2021-4041 (https://bugzilla.redhat.com/show_bug.cgi?id=2028074):

https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.
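
Added example, not part of this bug report and not ansible-runner's code or its fix commit: a generic illustration of the class of flaw the CVE text describes, where a parameter is spliced into a shell command line without escaping. The function names and the sample argument are hypothetical and constructed for the demonstration; nothing here calls ansible_runner.

```python
import shlex
import subprocess

# Constructed sample input: one argument value that contains a shell
# control operator followed by a harmless marker command.
UNTRUSTED_ARG = "report.txt; echo MARKER-RAN-AS-COMMAND"


def naive_command_line(executable, args):
    """Unsafe pattern: words are space-joined with no escaping."""
    return " ".join([executable, *args])


def quoted_command_line(executable, args):
    """Safer pattern: shlex.join quotes each word so the shell sees data."""
    return shlex.join([executable, *args])


def run_in_shell(command_line):
    """Hand one string to `sh -c` and return the stdout lines."""
    done = subprocess.run(["sh", "-c", command_line],
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def run_as_argv(executable, args):
    """Preferred: no shell at all; each list item is exactly one argument."""
    done = subprocess.run([executable, *args],
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


if __name__ == "__main__":
    # The naive string yields two output lines: the parameter's tail ran
    # as a second command. The other two forms echo the value back intact.
    print("naive :", run_in_shell(naive_command_line("echo", [UNTRUSTED_ARG])))
    print("quoted:", run_in_shell(quoted_command_line("echo", [UNTRUSTED_ARG])))
    print("argv  :", run_as_argv("echo", [UNTRUSTED_ARG]))
```

When auditing callers, the check is the same: any place a parameter list is flattened to a single string before reaching a shell needs per-word quoting or, better, an argv list with no shell.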