Bug 2487432 - CVE-2026-11837 ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown [epel-all]
Summary: CVE-2026-11837 ansible-collection-ansible-posix: ansible.posix authorized_key...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: ansible-collection-ansible-posix
Version: epel10
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Maxwell G
QA Contact:
URL:
Whiteboard: {"flaws": ["ae05c834-cbe1-4e38-a53e-f...
Depends On:
Blocks: CVE-2026-11837
TreeView+ depends on / blocked
 
Reported: 2026-06-10 05:00 UTC by Borja Tarraso
Modified: 2026-07-09 01:25 UTC (History)
3 users (show)

Fixed In Version: ansible-collection-ansible-posix-2.2.1-1.fc45
Clone Of:
Environment:
Last Closed: 2026-07-08 00:30:49 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Borja Tarraso 2026-06-10 05:00:52 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Fedora Update System 2026-07-08 00:28:43 UTC
FEDORA-2026-4a0c61a43f (ansible-collection-ansible-posix-2.2.1-1.fc45) has been submitted as an update to Fedora 45.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-4a0c61a43f

Comment 2 Fedora Update System 2026-07-08 00:30:49 UTC
FEDORA-2026-4a0c61a43f (ansible-collection-ansible-posix-2.2.1-1.fc45) has been pushed to the Fedora 45 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 3 Fedora Update System 2026-07-08 01:56:13 UTC
FEDORA-EPEL-2026-2e6fb1faee (ansible-collection-ansible-posix-1.6.2-1.el8) has been submitted as an update to Fedora EPEL 8.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-2e6fb1faee

Comment 4 Fedora Update System 2026-07-09 01:20:18 UTC
FEDORA-EPEL-2026-2e6fb1faee has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-2e6fb1faee

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Fedora Update System 2026-07-09 01:25:34 UTC
FEDORA-EPEL-2026-6904308b23 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-6904308b23

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.


Note You need to log in before you can comment on or make changes to this bug.