Bug #6783

Bug #6782: ansible: host to controller command execution vulnerability (CVE-2016-9587)

[3.5] ansible: host to controller command execution vulnerability (CVE-2016-9587)

Added by Alicha CH about 2 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version:
Start date: 01/31/2017
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible-server privileges.

Fixed in:

Ansible 2.2.1, and 2.1.4

References:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846

Associated revisions

Revision aff146eb (diff)
Added by Sergei Lukin about 2 years ago

main/ansible: security upgrade to 2.2.1.0 - fixes #6783

CVE-2016-9587: host to controller command execution vulnerability

History

#1 Updated by Sergei Lukin about 2 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH about 2 years ago

  • Category set to Security
  • Status changed from Resolved to Closed
