ansible: remote data checking code fixes (CVE-2014-4678 and related)
Ansible's remote data checking code was updated to lock down some security items related to dealing with untrusted data from pre-compromised remote hosts. The update was made as a series of changes. Some of the issues were assigned CVE-2014-4678; the additional ones do not have a CVE assigned yet.
Updating to Ansible 1.6.6 is recommended.
References:
https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ
https://groups.google.com/forum/message/raw?msg=ansible-announce/A1px5egCnGQ/jH6f5HM7kpkJ
https://groups.google.com/forum/message/raw?msg=ansible-announce/WKL7BY3qddo/JkJiNrZzy3AJ
CONFIRM: http://seclists.org/oss-sec/2014/q3/2
COMMIT:
https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
(does not fully fix all the issues)
(from redmine: issue id 3141, created on 2014-07-03, closed on 2014-07-17)
- Relations:
- child #3142 (closed)
- child #3143 (closed)