FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  459437
Date:      2018-01-19
Time:      16:43:35Z
Committer: girgen

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
478d4102-2319-4026-b3b2-a57c48f159ac  ansible -- information disclosure flaw

ansible developers report:

Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly.

Discovery 2017-07-21
Entry 2017-09-25
le 2.2.3
a93c3287-d8fd-11e6-be5c-001fbc0f280f  Ansible -- Command execution on Ansible controller from host

Computest reports:

Computest found and exploited several issues that allow a compromised host to execute commands on the Ansible controller and thus gain access to other hosts controlled by that controller.

Discovery 2017-01-09
Entry 2017-01-12
gt 1.9.6_1 lt

15a04b9f-47cb-11e7-a853-001fbc0f280f  ansible -- Input validation flaw in jinja2 templating system

RedHat security team reports:

An input validation flaw was found in Ansible, where it fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution.

Discovery 2017-05-09
Entry 2017-06-02
lt 2.3.1
253c6889-06f0-11e6-925f-6805ca0b3d42  ansible -- use of predictable paths in lxc_container

Ansible developers report:

CVE-2016-3096: do not use predictable paths in lxc_container

  • do not use a predictable filename for the LXC attach script
  • don't use predictable filenames for LXC attach script logging
  • don't set a predictable archive_path

this should prevent symlink attacks which could result in

  • data corruption
  • data leakage
  • privilege escalation

Discovery 2016-04-02
Entry 2016-04-20
ge lt

lt 1.9.6