QID 356179
Date Published: 2023-09-28
QID 356179: Amazon Linux Security Advisory for ansible : ALASANSIBLE2-2023-005
A flaw was found in the ansible engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module.
Gpg signatures are ignored during installation even when disable_gpg_check is set to false, which is the default behavior.
This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts.
The highest threat from this vulnerability is to integrity and system availability. (
( CVE-2020-14365)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALASANSIBLE2-2023-005 for affected packages and patching details, or update with your package manager.
Vendor References
- ALASANSIBLE2-2023-005 -
alas.aws.amazon.com/AL2/ALASANSIBLE2-2023-005.html
CVEs related to QID 356179
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALASANSIBLE2-2023-005 | amazon linux 2 |
alas.aws.amazon.com/AL2/ALASANSIBLE2-2023-005.html |