ansible/changelogs/fragments/solaris_zone_name_fix.yml
Abhijeet Kasurde 7d2ae7e322 solaris_zone: Allow only valid characters in zone name (#65686)
CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that.
However, there is no user input validation done while performing actions.
A malicious user could provide a crafted zone name which allows executing commands
into the server manipulating the module behaviour.

Adding user input validation as per Solaris Zone documentation fixes this issue.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-12-10 07:18:55 -05:00

5 lines
420 B
YAML

bugfixes:
- "**SECURITY** - CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that.
However, there is no user input validation done while performing actions. A malicious user could provide a
crafted zone name which allows executing commands into the server manipulating the module behaviour. Adding
user input validation as per Solaris Zone documentation fixes this issue."