[v2.7] ansible: remote data checking code fixes (CVE-2014-4678 and related)
Ansible remote data checking code was updated to lock down some security items related to deal with untrusted data from pre-compromised remote hosts. It was a series of changes made. Some of the issues was assigned CVE-2014-4678. However the additional ones do not have CVE assigned yet.
Update to Ansible 1.6.6 is recommended.
COMMIT: https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916 (not fully fix all the issues)
(from redmine: issue id 3142, created on 2014-07-03, closed on 2014-07-17)
- parent #3141 (closed)
- Revision 87ec1c87 by Natanael Copa on 2014-07-16T09:59:52Z:
main/ansible: security upgrade to 1.6.6 (CVE-2014-4678) fixes #3142