What is the severity of USN-4072-1?

The severity of USN-4072-1 is not specified in the information provided.

How do I check if I am affected by USN-4072-1?

To check if you are affected by USN-4072-1, you can verify your installed version of Ansible against the affected software versions listed.

How do I fix the vulnerabilities in USN-4072-1?

To fix the vulnerabilities in USN-4072-1, you should update Ansible to the recommended version for your Ubuntu distribution.

Where can I find more information about the vulnerabilities in USN-4072-1?

You can find more information about the vulnerabilities in USN-4072-1 on the Ubuntu security website using the provided CVE references.

What is the Common Weakness Enumeration (CWE) for USN-4072-1?

The Common Weakness Enumeration (CWE) for USN-4072-1 is CWE-22.

Vulnerability/
USN-4072-1

CWE

24/7/2019

USN-4072-1: Ansible vulnerabilities

First published: Wed Jul 24 2019(Updated: )

It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156) It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875) It was discovered that Ansible fetch module had a path traversal vulnerability. A local attacker could copy and overwrite files outside of the specified destination. (CVE-2019-3828)

Affected Software	Affected Version	How to fix
All of
ubuntu/ansible	<2.7.8+dfsg-1ubuntu0.19.04.1	2.7.8+dfsg-1ubuntu0.19.04.1
	=19.04
All of
ubuntu/ansible	<2.5.1+dfsg-1ubuntu0.1	2.5.1+dfsg-1ubuntu0.1
	=18.04
All of
ubuntu/ansible	<2.0.0.2-2ubuntu1.3	2.0.0.2-2ubuntu1.3
	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-4072-1?
The severity of USN-4072-1 is not specified in the information provided.
How do I check if I am affected by USN-4072-1?
To check if you are affected by USN-4072-1, you can verify your installed version of Ansible against the affected software versions listed.
How do I fix the vulnerabilities in USN-4072-1?
To fix the vulnerabilities in USN-4072-1, you should update Ansible to the recommended version for your Ubuntu distribution.
Where can I find more information about the vulnerabilities in USN-4072-1?
You can find more information about the vulnerabilities in USN-4072-1 on the Ubuntu security website using the provided CVE references.
What is the Common Weakness Enumeration (CWE) for USN-4072-1?
The Common Weakness Enumeration (CWE) for USN-4072-1 is CWE-22.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/19.04
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/16.04