CVE-2016-9587: an unpleasant Ansible vulnerability

by corbet, from LWN.net (#28HZ5)
The Ansible project is currently posting release candidates for the 2.1.4 and 2.2.1 releases. They fix an important security bug: "CVE-2016-9587 is rated as HIGH in risk, as a compromised remote system being managed via Ansible can lead to commands being run on the Ansible controller (as the user running the ansible or ansible-playbook command)." Until this release is made, it would make sense to be especially careful about running Ansible against systems that might have been compromised.

Update: see this advisory for much more detailed information.
