13 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-8628
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variable...
SUSE SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:1509-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1509-1 advisory. - A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote...
RHEL 7 : atomic-openshift-utils (RHSA-2016:2778)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2778 advisory. Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud...
CVE-2016-8628
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...
CVE-2016-8628
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...
UBUNTU-CVE-2016-8628
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...
CVE-2016-8628
Concrete details found: CVE-2016-8628 affects Ansible prior to 2.2.0, where unsanitized controller fact variables can let an attacker run arbitrary commands on Ansible clients as the Ansible user. The connected SUSE advisory confirms policy fixes via upgrade paths (e.g., to Ansible 2.9.x series) ...
openSUSE Security Update : ansible (openSUSE-2017-1259)
This update for ansible to version 2.4.1.0 fixes the following vulnerabilities: - CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment (bsc#1038785) - CVE-2016-9587: host to controller command execution vulnerability (bsc#1019021) - CVE-2016-8628: Command injection by...
CVE-2016-8628
Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...
Fedora Update for ansible FEDORA-2016-3ccb098630
The remote host is missing an update for the... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for ansible FEDORA-2016-3113e71193
The remote host is missing an update for the...
Fedora 25 : ansible (2016-3ccb098630)
Add patch to fix dnf module groupinstall handling ---- Update to new ansible 2.2 version. For full changes see : https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
Fedora 24 : ansible (2016-3113e71193)
Add patch to fix dnf module groupinstall handling ---- Update to new ansible 2.2 version. For full changes see : https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...