7 matches found
CVE-2016-3096
The createscript function in the lxccontainer module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on 1 /opt/.lxc-attach-script, 2 the archived container in the archivepath directory, or the 3...
MGASA-2016-0163 Updated ansible packages fix CVE-2016-3096
Updated ansible package fixes security vulnerability: A vulnerability in lxccontainer, ansible module, was found allowing to get root inside the container. The problem is in the createscript function, which tries to write to /opt/.lxc-attach-script inside of the container. If the attacker can wri...
Fedora 22 : ansible-2.0.2.0-1.fc22 (2016-ab154c56dd)
Update to 2.0.2.0. https://github.com/ansible/ansible/blob/stable-2.0/CHANGELOG.md Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 23 : ansible1.9-1.9.6-1.fc23 (2016-65519440f5)
Update to 1.9.6. Fixes bug 1327744 as well as CVE-2016-3096 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora 22 : ansible1.9-1.9.6-1.fc22 (2016-28ff51a3f5)
Update to 1.9.6. Fixes bug 1327744 as well as CVE-2016-3096 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora Update for ansible1.9 FEDORA-2016-65519440
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : ansible -- use of predictable paths in lxc_container (253c6889-06f0-11e6-925f-6805ca0b3d42)
Ansible developers report : CVE-2016-3096: do not use predictable paths in lxccontainer - do not use a predictable filename for the LXC attach script - don't use predictable filenames for LXC attach script logging - don't set a predictable archivepath this should prevent symlink attacks which cou...