Advisories ยป MGASA-2014-0350

Updated ansible package fixes multiple security issues

Publication date: 25 Aug 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-4678 , CVE-2014-4966 , CVE-2014-4967


Updated ansible package fixes security vulnerabilities:

The Ansible platform before version 1.6.7 suffers from input sanitization
errors that allow arbitrary code execution as well as information leak, in
case an attacker is able to control certain playbook variables
(CVE-2014-4678, CVE-2014-4966, CVE-2014-4967).

The ansible package has been updated to version 1.6.8, which fixes these
issues and several other bugs.