Package : ansible
Version : 1.7.2+dfsg-2+deb8u1
CVE ID : CVE-2018-16837
Debian Bug : #912297
It was discovered that there was a potential SSH passphrase disclosure
vulnerability in the ansible configuration management system,
The "User" module leaked data that was passed as a parameter to the
ssh-keygen(1) utility, thus revealing any credentials in cleartext form
in the global process list.
For Debian 8 "Jessie", this issue has been fixed in ansible version
1.7.2+dfsg-2+deb8u1.
We recommend that you upgrade your ansible packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-