Ansible prior to 2.2.3 is vulnerable to CVE-2017-7466, CVE-2017-7473, CVE-2017-7481
Bug #1699539 reported by Bjoern
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack-Ansible | Invalid | Undecided | Unassigned | |
Bug Description
Based on https:/
CVE-2017-7466
CVE-2017-7473
CVE-2017-7481
Is it possible to increase the Ansible version for all versions since Newton?
Ocata and master should be fine already.
It's a different story for Newton.
For Newton, I guess we could decide in a community meeting to go forward with an update of Ansible for this branch. It was already on the table before, but we abandoned the idea, IIRC.
There will be a large body of work to be done there, as Ansible will need to be updated for all the depending roles too, and I expect an Ansible update to bring breaking changes.
I guess it all depends on your willingness to contribute, and the effort the community is ready to put into this old branch. The simplest is, as always, to update to a more recent version...