Oval Definition:oval:org.opensuse.security:def:20177481
Revision Date:2022-06-30Version:1
Title:CVE-2017-7481
Description:

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-7481
SUSE-SU-2017:3029-1
openSUSE-SU-2017:2976-1
openSUSE-SU-2017:2978-1
openSUSE-SU-2019:0238-1
Mitre CVE-2017-7481
SUSE CVE-2017-7481
SUSE-SU-2017:3029-1
openSUSE-SU-2017:2976-1
openSUSE-SU-2017:2978-1
openSUSE-SU-2019:0238-1
Platform(s):openSUSE Leap 42.2
openSUSE Leap 42.3
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 11 SP3-TERADATA
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Server for SAP Applications 15
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE Package Hub for SUSE Linux Enterprise 12
SUSE Package Hub for SUSE Linux Enterprise 15
Product(s):
Definition Synopsis
  • openSUSE Leap 42.2 is installed
  • AND Package Information
  • ansible-2.4.1.0-2.4.1 is installed
  • AND ansible is signed with openSUSE key
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • ansible-2.2.3.0-5.1 is installed
  • OR monasca-installer-20170912_10.45-5.1 is installed
    • Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • ansible-2.4.1.0-6 is installed
  • AND ansible is signed with openSUSE key
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND ansible-2.4.1.0-6 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 is installed
  • AND ansible-2.7.6-bp150.3.3 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 11 SP3-TERADATA is installed
  • AND ansible-2.2.0.0-10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
  • AND ansible-2.2.0.0-10.1 is installed
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • ansible-2.9.24-1.2 is installed
  • OR ansible-doc-2.9.24-1.2 is installed
  • OR ansible-test-2.9.24-1.2 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND ansible-2.4.1.0-6.1 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 is installed
  • AND ansible-2.7.6-bp150.3.3.1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND ansible1 is affected
    • BACK