{"id":"MGASA-2021-0132","summary":"Updated ansible packages fix security vulnerability","details":"User data leak in snmp_facts module (CVE-2021-20178).\n\nThe bitbucket_pipeline_variable module exposed secured values\n(CVE-2021-20180).\n\nMultiple collections exposed secured values (CVE-2021-20191).\n\nIn basic.py, no_log with fallback option (CVE-2021-20228).\n\nThe ansible package has been updated to version 2.9.18, fixing these\nissues and other bugs.\n","modified":"2026-04-16T04:40:56.041353706Z","published":"2021-03-12T01:25:47Z","upstream":["CVE-2021-20178","CVE-2021-20180","CVE-2021-20191","CVE-2021-20228"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0132.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28436"},{"type":"WEB","url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#id64"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2021:0664"}],"affected":[{"package":{"name":"ansible","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/ansible?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.18-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0132.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}