All errata/sisyphus/ALT-PU-2016-1499-2
ALT-PU-2016-1499-2

Package update ansible in branch sisyphus

Version2.0.2.0-alt1
Task#164711
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (2)

CVE-2016-3096
HIGH7.8

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.

Published: 2016-06-03Modified: 2025-04-12
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
GHSA-rh6x-qvg7-rrmj
HIGH8.5

Link Following in ansible

Published: 2018-10-10Modified: 2024-09-04
CVSS 3.xHIGH 8.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0HIGH 8.5
CVSS:4.0/CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References