sysutils/ansible*: Add multiple Vulnerabilities

- Add vuxml entry for CVE-2020-1737, CVE-2020-1739 and CVE-2020-1740 Security: CVE-2020-1737 Security: CVE-2020-1739 Security: CVE-2020-1740
svn path=/head/; revision=531977
2024-12-04 01:48:54 +00:00 · 2020-04-17 22:29:36 +00:00 · 2020-04-17 22:29:36 +00:00 · 0ed4a68569 · 2021-03-31 03:12:20 +00:00
commit 0ed4a68569
parent f3faee0804
1 changed files with 161 additions and 0 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -58,6 +58,167 @@ Notes:
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="ae2e7871-80f6-11ea-bafd-815569f3852d">
+    <topic>ansible - Vault password leak from temporary file</topic>
+    <affects>
+      <package>
+	<name>ansible</name>
+	<range><lt>2.8.9</lt></range>
+      </package>
+      <package>
+	<name>ansible27</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible26</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible25</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible24</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible23</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Borja Tarraso reports:</p>
+	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740">
+	<p>A flaw was found in Ansible Engine when using Ansible Vault for editing
+	  encrypted files. When a user executes "ansible-vault edit", another user
+	  on the same computer can read the old and new secret, as it is created in
+	  a temporary file with mkstemp and the returned file descriptor is closed
+	  and the method write_data is called to write the existing secret in the
+	  file. This method will delete the file before recreating it insecurely.
+	  All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740</url>
+      <url>https://github.com/ansible/ansible/issues/67798</url>
+      <cvename>CVE-2020-1740</cvename>
+    </references>
+    <dates>
+      <discovery>2020-02-12</discovery>
+      <entry>2020-04-17</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="67dbeeb6-80f4-11ea-bafd-815569f3852d">
+    <topic>ansible - subversion password leak from PID</topic>
+    <affects>
+      <package>
+	<name>ansible</name>
+	<range><lt>2.8.9</lt></range>
+      </package>
+      <package>
+	<name>ansible27</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible26</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible25</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible24</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible23</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Borja Tarraso reports:</p>
+	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739">
+	  <p>A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5
+	    and prior when a password is set with the argument "password" of svn module,
+	    it is used on svn command line, disclosing to other users within the same
+	    node. An attacker could take advantage by reading the cmdline file from that
+	    particular PID on the procfs.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739</url>
+      <url>https://github.com/ansible/ansible/issues/67797</url>
+      <url>https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/</url>
+      <url>https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/</url>
+      <url>https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/</url>
+      <cvename>CVE-2020-1739</cvename>
+    </references>
+    <dates>
+      <discovery>2020-02-12</discovery>
+      <entry>2020-04-17</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0899c0d3-80f2-11ea-bafd-815569f3852d">
+    <topic>ansible - win_unzip path normalization</topic>
+    <affects>
+      <package>
+	<name>ansible</name>
+	<range><lt>2.8.9</lt></range>
+      </package>
+      <package>
+	<name>ansible27</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible26</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible25</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible24</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+      <package>
+	<name>ansible23</name>
+	<range><lt>2.7.17</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Borja Tarraso reports:</p>
+	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737">
+	  <p>A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and
+	    prior when using the Extract-Zip function from the win_unzip module as the
+	    extracted file(s) are not checked if they belong to the destination folder. An
+	    attacker could take advantage of this flaw by crafting an archive anywhere in
+	    the file system, using a path traversal. This issue is fixed in 2.10.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+	    <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737</url>
+	    <url>https://github.com/ansible/ansible/issues/67795</url>
+	    <url>https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/</url>
+	    <url>https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/</url>
+	    <url>https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/</url>
+	    <cvename>CVE-2020-1737</cvename>
+    </references>
+    <dates>
+      <discovery>2020-02-12</discovery>
+      <entry>2020-04-17</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="25efe05c-7ffc-11ea-b594-3065ec8fd3ec">
    <topic>chromium -- use after free</topic>
    <affects>