RHEL 7 : ansible and openshift-ansible (RHSA-2017:0448)
High Nessus Plugin ID 119387
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionAn update for ansible and openshift-ansible is now available for Red Hat OpenShift Container Platform 3.2, Red Hat OpenShift Container Platform 3.3, and Red Hat OpenShift Container Platform 3.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3.
Security Fix(es) :
* An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
Bug Fix(es) :
Space precludes documenting all of the non-security bug fixes in this advisory. See the relevant OpenShift Container Platform Release Notes linked to in the References section, which will be updated shortly for this release.
SolutionUpdate the affected packages.