[v3.0] ansible: remote data checking code fixes (CVE-2014-4678 and related)
Ansible remote data checking code was updated to lock down some security items related to deal with untrusted data from pre-compromised remote hosts. It was a series of changes made. Some of the issues was assigned CVE-2014-4678. However the additional ones do not have CVE assigned yet.
Update to Ansible 1.6.6 is recommended.
References:
https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ
https://groups.google.com/forum/message/raw?msg=ansible-announce/A1px5egCnGQ/jH6f5HM7kpkJ
https://groups.google.com/forum/message/raw?msg=ansible-announce/WKL7BY3qddo/JkJiNrZzy3AJ
CONFIRM: http://seclists.org/oss-sec/2014/q3/2
COMMIT:
https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
(not fully fix all the issues)
(from redmine: issue id 3143, created on 2014-07-03, closed on 2014-07-17)
- Relations:
- parent #3141 (closed)
- Changesets:
- Revision 2d23babf by Natanael Copa on 2014-07-16T09:55:44Z:
main/ansible: security upgrade to 1.6.6 (CVE-2014-4678)
fixes #3143