GLSA-201701-77 : Ansible: Remote execution of arbitrary code
Medium Nessus Plugin ID 96915
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201701-77 (Ansible: Remote execution of arbitrary code).
An input validation vulnerability was found in Ansible’s handling of data sent from client systems.
An attacker who controls a client system managed by Ansible, and who can send facts back to the Ansible server, could execute arbitrary code on the Ansible server with the Ansible server's privileges.
There is no known workaround at this time.
Solution
All Ansible 2.1.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/ansible-188.8.131.52_rc3'
All Ansible 2.2.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/ansible-184.108.40.206_rc5'