{
  "document": {
    "aggregate_severity": {
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "* SECURITY UPDATE: sensitive data leakage through User module\n     - debian/patches/CVE-2018-16837.patch: do not pass ssh_key_passphrase on\n       cmdline, fix passphrase being passed on command line\n     - CVE-2018-16837",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/advisories/2025/clsa-2025_1747902752.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747902752",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747902752"
      }
    ],
    "tracking": {
      "current_release_date": "2025-05-22T08:33:30Z",
      "generator": {
        "date": "2025-05-22T08:33:30Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1747902752",
      "initial_release_date": "2025-05-22T08:33:30Z",
      "revision_history": [
        {
          "date": "2025-05-22T08:33:30Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "Fix CVE(s): CVE-2018-16837"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Ubuntu 16.04",
                "product": {
                  "name": "Ubuntu 16.04",
                  "product_id": "Ubuntu-16",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Ubuntu"
          }
        ],
        "category": "vendor",
        "name": "Canonical Ltd."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all",
                "product": {
                  "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all",
                  "product_id": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/ansible@2.1.1.0-1~ubuntu16.04.1%2Btuxcare.els8?arch=all"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "all"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all"
        },
        "product_reference": "ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all",
        "relates_to_product_reference": "Ubuntu-16"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-16837",
      "cwe": {
        "id": "CWE-214",
        "name": "Invocation of Process Using Visible Sensitive Information"
      },
      "notes": [
        {
          "category": "description",
          "text": "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrase credentials being passed as a parameter to the ssh-keygen executable, showing those credentials in clear text form to every user who has access just to the process list.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2018-16837"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"
        },
        {
          "category": "external",
          "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html",
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"
        },
        {
          "category": "external",
          "summary": "http://www.securityfocus.com/bid/105700",
          "url": "http://www.securityfocus.com/bid/105700"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2018:3460",
          "url": "https://access.redhat.com/errata/RHSA-2018:3460"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2018:3461",
          "url": "https://access.redhat.com/errata/RHSA-2018:3461"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2018:3462",
          "url": "https://access.redhat.com/errata/RHSA-2018:3462"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2018:3463",
          "url": "https://access.redhat.com/errata/RHSA-2018:3463"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2018:3505",
          "url": "https://access.redhat.com/errata/RHSA-2018:3505"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html",
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4072-1/",
          "url": "https://usn.ubuntu.com/4072-1/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2019/dsa-4396",
          "url": "https://www.debian.org/security/2019/dsa-4396"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/cve-2018-16837",
          "url": "https://access.redhat.com/security/cve/cve-2018-16837"
        }
      ],
      "release_date": "2018-10-23T15:29:00",
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL_ACCESS",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2016-9587",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2016-9587"
        },
        {
          "category": "external",
          "summary": "http://rhn.redhat.com/errata/RHSA-2017-0195.html",
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
        },
        {
          "category": "external",
          "summary": "http://rhn.redhat.com/errata/RHSA-2017-0260.html",
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
        },
        {
          "category": "external",
          "summary": "http://www.securityfocus.com/bid/95352",
          "url": "http://www.securityfocus.com/bid/95352"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2017:0448",
          "url": "https://access.redhat.com/errata/RHSA-2017:0448"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2017:0515",
          "url": "https://access.redhat.com/errata/RHSA-2017:0515"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2017:1685",
          "url": "https://access.redhat.com/errata/RHSA-2017:1685"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/201701-77",
          "url": "https://security.gentoo.org/glsa/201701-77"
        },
        {
          "category": "external",
          "summary": "https://www.exploit-db.com/exploits/41013/",
          "url": "https://www.exploit-db.com/exploits/41013/"
        }
      ],
      "release_date": "2018-04-24T16:29:00",
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK_ACCESSIBLE",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2017-7481",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2017-7481"
        },
        {
          "category": "external",
          "summary": "http://www.securityfocus.com/bid/98492",
          "url": "http://www.securityfocus.com/bid/98492"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2017:1244",
          "url": "https://access.redhat.com/errata/RHSA-2017:1244"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2017:1334",
          "url": "https://access.redhat.com/errata/RHSA-2017:1334"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2017:1476",
          "url": "https://access.redhat.com/errata/RHSA-2017:1476"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2017:1499",
          "url": "https://access.redhat.com/errata/RHSA-2017:1499"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2017:1599",
          "url": "https://access.redhat.com/errata/RHSA-2017:1599"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2017:2524",
          "url": "https://access.redhat.com/errata/RHSA-2017:2524"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481"
        },
        {
          "category": "external",
          "summary": "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2",
          "url": "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html",
          "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"
        },
        {
          "category": "external",
          "summary": "https://usn.ubuntu.com/4072-1/",
          "url": "https://usn.ubuntu.com/4072-1/"
        }
      ],
      "release_date": "2018-07-19T13:29:00",
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK_ACCESSIBLE",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-16:ansible-0:2.1.1.0-1~ubuntu16.04.1+tuxcare.els8.all"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ]
    }
  ]
}