17 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-7481
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, th...
Mageia: Security Advisory (MGASA-2017-0164)
The remote host is missing an update for the...
CVE-2017-7481
creationtimestamp | type | source
---|---|---
2021-11-08 08:58:19+00:00 | seen | MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422...
Debian: Security Advisory (DLA-2535-1)
The remote host is missing an update for the Debian...
Debian DLA-2535-1 : ansible security update
CVE-2017-7481 Ansible fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now...
Ubuntu: Security Advisory (USN-4072-1)
The remote host is missing an update for the...
DEBIAN-CVE-2017-7481
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2...
CVE-2017-7481
CVE-2017-7481 affects Ansible before versions 2.3.1.0 and 2.4.0.0, where lookup-plugin results could be marked unsafe, allowing code execution via jinja2 if an attacker controls lookup() results. The description and connected advisories confirm the vulnerability originates from unsafe lookup resu...
SUSE-SU-2017:3029-1 Security update for ansible and monasca-installer
This update for ansible provides version 2.2.3.0 and fixes the following security issues:
- CVE-2017-7481: Data for lookup plugins used as variables was not being marked as 'unsafe' and could lead to unintentional disclosure of information. (bsc#1038785)
- CVE-2016-9587: Prevent compromised host to...
RHEL 7 : ansible (RHSA-2017:2524)
An update for ansible is now available for RHEV Engine version 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Moderate: Red Hat Security Advisory: ansible security, bug fix, and enhancement update
An update for ansible is now available for RHEV Engine version 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Fedora 26 : ansible (2017-49c0ac5ce7)
Update to 2.3.1, with various bugfixes and fix for CVE-2017-7481. Full changes available at: https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable ha...
RHEL 7 : ansible (RHSA-2017:1499)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:1499 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH a...
Important: Red Hat Security Advisory: ansible security update
An update for ansible is now available for Red Hat Storage Console 2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Fedora 25 : ansible (2017-87a64155eb)
Update to 2.3.1, with various bugfixes and fix for CVE-2017-7481. Full changes available at: https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable ha...
Updated ansible packages fix security vulnerability
It was found that the apt_key module does not properly verify key fingerprints, allowing a remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key (CVE-2016-8614). It is reported that in Ansible, under some circumstances the mysql_user module...
Important: Red Hat Security Advisory: ansible and openshift-ansible security and bug fix update
An update for ansible and openshift-ansible is now available for Red Hat OpenShift Container Platform 3.2, Red Hat OpenShift Container Platform 3.3, Red Hat OpenShift Container Platform 3.4, and Red Hat OpenShift Container Platform 3.5. Red Hat Product Security has rated this update as having a...