author: Sloane Hertel <shertel@redhat.com> 2020-04-14 21:42:20 -0400
committer: GitHub <noreply@github.com> 2020-04-14 18:42:20 -0700
commit: 1a89d4f059c21a818306a39ada7f5284ae125237 (patch)
tree: b32990ac2351ad57d8b2a45aeb17ed27df4bbe26 /changelogs/fragments/subversion_password.yaml
parent: 8cccb33d71b0822c46f7076aa28293968eb25438 (diff)
[2.7] CVE-2020-1739 - provide password securely for subversion module or warn (#68913)
* subversion module - provide password securely when possible or warn (#67829)
* subversion module - provide password securely with svn command line option --password-from-stdin when possible, and provide a warning otherwise.
* Update lib/ansible/modules/source_control/subversion.py.
* Add a test.
Co-authored-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit d91658ec0c8434c82c3ef98bfe9eb4e1027a43a3)
* Create the OUTPUT_DIR and make sure it is removed at the end
* fix sanity test
Diffstat (limited to 'changelogs/fragments/subversion_password.yaml')
-rw-r--r-- changelogs/fragments/subversion_password.yaml 9
1 files changed, 9 insertions, 0 deletions
diff --git a/changelogs/fragments/subversion_password.yaml b/changelogs/fragments/subversion_password.yaml
new file mode 100644
index 0000000000..42e09fb1a0
--- /dev/null
+++ b/changelogs/fragments/subversion_password.yaml
@@ -0,0 +1,9 @@
+bugfixes:
+- >
+ **security issue** - The ``subversion`` module provided the password
+ via the svn command line option ``--password`` and can be retrieved
+ from the host's /proc/<pid>/cmdline file. Update the module to use
+ the secure ``--password-from-stdin`` option instead, and add a warning
+ in the module and in the documentation if svn version is too old to
+ support it.
+ (CVE-2020-1739)
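Review bot: The closing sentence of the fragment ("add a warning in the module and in the documentation if svn version is too old to support it") does not say what the module does with the password when svn lacks ``--password-from-stdin``, nor which svn version is the cutoff. If the module still passes ``--password`` on those hosts, the /proc/<pid>/cmdline exposure described in the first sentence remains there, and the changelog should say so explicitly and name the minimum svn version so operators can tell whether upgrading Ansible alone closes the issue for them. Minor wording point in the same entry: "provided the password ... and can be retrieved" mixes tenses; something like "which could be read from the host's /proc/<pid>/cmdline file" reads more clearly.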