All errata/sisyphus/ALT-PU-2017-1386-2
ALT-PU-2017-1386-2

Package update ansible in branch sisyphus

Version2.2.2.0-alt1
Task#181058
Published2026-02-04
Max severityCRITICAL
Severity:

Closed issues (8)

CVE-2016-8614
HIGH7.5

A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.

Published: 2018-07-31Modified: 2024-11-21
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References
CVE-2016-8628
CRITICAL9.1

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

Published: 2018-07-31Modified: 2024-11-21
CVSS 2.0CRITICAL 9.0
CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS 3.xCRITICAL 9.1
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References
CVE-2016-8647
MEDIUM4.9

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

Published: 2018-07-26Modified: 2024-11-21
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
References
CVE-2016-9587
HIGH8.1

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

Published: 2018-04-24Modified: 2024-11-21
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 3.xHIGH 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References
GHSA-cmwx-9m2h-x7v4
HIGH8.7

Ansible apt_key module does not properly verify key fingerprint

Published: 2018-10-10Modified: 2024-09-04
CVSS 3.xHIGH 8.7
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 4.0HIGH 8.7
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
References
GHSA-jg4f-jqm5-4mgq
CRITICAL9.4

Ansible fails to properly sanitize fact variables sent from the Ansible controller

Published: 2018-10-10Modified: 2024-09-04
CVSS 3.xCRITICAL 9.4
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0CRITICAL 9.4
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
References
GHSA-m956-frf4-m2wr
CRITICAL9.2

Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems

Published: 2018-10-10Modified: 2024-11-18
CVSS 3.xCRITICAL 9.2
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0CRITICAL 9.2
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References
GHSA-x4cm-m36h-c6qj
MEDIUM6.9

Improper Input Validation in ansible

Published: 2018-10-10Modified: 2024-09-04
CVSS 3.x
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CVSS 4.0
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
References

Closed bugs (1)