ansible

History

Abhijeet Kasurde 7d2ae7e322 solaris_zone: Allow only valid characters in zone name (#65686 ) CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that. However, there is no user input validation done while performing actions. A malicious user could provide a crafted zone name which allows executing commands into the server manipulating the module behaviour. Adding user input validation as per Solaris Zone documentation fixes this issue. Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>	2019-12-10 07:18:55 -05:00
..
ansible	solaris_zone: Allow only valid characters in zone name (#65686 )	2019-12-10 07:18:55 -05:00

Abhijeet Kasurde 7d2ae7e322 solaris_zone: Allow only valid characters in zone name (#65686 )

CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that.
However, there is no user input validation done while performing actions.
A malicious user could provide a crafted zone name which allows executing commands
into the server manipulating the module behaviour.

Adding user input validation as per Solaris Zone documentation fixes this issue.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

2019-12-10 07:18:55 -05:00

ansible

solaris_zone: Allow only valid characters in zone name (#65686 )

2019-12-10 07:18:55 -05:00