Bug 18275 - ansible new security issue CVE-2016-3096
Summary: ansible new security issue CVE-2016-3096
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/685137/
Whiteboard: has_procedure advisory MGA5-32-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-04-27 18:00 CEST by David Walser
Modified: 2016-05-05 18:27 CEST

See Also:
Source RPM: ansible-1.9.2-1.mga5.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2016-04-27 18:00:06 CEST
Fedora has issued an advisory on April 25:
https://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html

The issue is fixed upstream in 1.9.6.  It is also fixed in 2.0.2 (already in Cauldron).

Comment 1 Philippe Makowski 2016-04-30 18:54:29 CEST
Fedora has issued an advisory on April 25:
https://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html

Test procedure: https://bugs.mageia.org/show_bug.cgi?id=16309#c9


Updated packages uploaded for Mageia 5

Advisory:
========================

Updated subversion packages fix security vulnerabilities:

A vulnerability in lxc_container, ansible module, was found allowing to get root inside the container. The problem is in the create_script function, which tries to write to /opt/.lxc-attach-script inside of the container. If the attacker can write to /opt/.lxc-attach-script before that, he can overwrite arbitrary files or execute commands as root (CVE-2016-3096).


References:
- https://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html
- http://lwn.net/Vulnerabilities/685137/
- https://github.com/ansible/ansible/blob/stable-1.9/CHANGELOG.md


Updated packages in core/updates_testing:
========================
ansible-1.9.6-1.mga5.noarch.rpm

from ansible-1.9.6-1.mga5.src.rpm

CC: (none) => makowski.mageia
Assignee: bruno => bugsquad
Whiteboard: (none) => has_procedure

Comment 2 David Walser 2016-04-30 19:06:02 CEST
Thanks!

A few minor advisory fixes.

Advisory:
========================

Updated ansible package fixes security vulnerability:

A vulnerability in lxc_container, ansible module, was found allowing to get
root inside the container. The problem is in the create_script function, which
tries to write to /opt/.lxc-attach-script inside of the container. If the
attacker can write to /opt/.lxc-attach-script before that, he can overwrite
arbitrary files or execute commands as root (CVE-2016-3096).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3096
https://github.com/ansible/ansible/blob/stable-1.9/CHANGELOG.md
https://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html
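
Added example, not part of the bug report and not Ansible's code: the advisory above describes a privileged process writing to a fixed path that another party may have created first. The sketch contrasts that pattern with two hardened writers. The function names, the sample script and the temporary directory standing in for /opt are assumptions, and it does not reproduce the upstream fix.

```python
import os
import tempfile
from pathlib import Path

SCRIPT_NAME = ".lxc-attach-script"  # file name from the advisory
SCRIPT = "#!/bin/sh\necho attach\n"  # constructed sample content


def write_script_predictable(directory, data):
    """Weak pattern: fixed name, open() follows links and truncates the target."""
    path = os.path.join(directory, SCRIPT_NAME)
    with open(path, "w") as fh:
        fh.write(data)
    return path


def write_script_exclusive(directory, data):
    """Hardened: create the entry ourselves or fail if anything is already there."""
    path = os.path.join(directory, SCRIPT_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(path, flags, 0o700), "w") as fh:
        fh.write(data)
    return path


def write_script_random_name(directory, data):
    """Hardened: mkstemp picks an unguessable name and creates it exclusively."""
    fd, path = tempfile.mkstemp(prefix="lxc-attach-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def demo():
    """Constructed scenario: the fixed name already exists as a link elsewhere."""
    with tempfile.TemporaryDirectory() as root:
        protected = Path(root, "protected.conf")  # stand-in for a root-owned file
        protected.write_text("original\n")
        opt = tempfile.mkdtemp(dir=root)  # stand-in for the container's /opt
        os.symlink(protected, os.path.join(opt, SCRIPT_NAME))
        try:
            write_script_exclusive(opt, SCRIPT)
            refused = False
        except OSError:  # FileExistsError on Linux
            refused = True
        write_script_random_name(opt, SCRIPT)
        intact = protected.read_text() == "original\n"
        write_script_predictable(opt, SCRIPT)  # run last: it follows the link
        clobbered = protected.read_text() == SCRIPT
        return refused, intact, clobbered
```

`demo()` returns `(refused, intact, clobbered)`: whether the exclusive writer rejected the pre-existing entry, whether the stand-in file survived both hardened writers, and whether the fixed-path writer then overwrote it.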

Comment 3 Marja Van Waes 2016-05-01 09:40:03 CEST
There doesn't seem to be a real reason why this bug wasn't assigned to QA... the updated package has been waiting in updates_testing since last (CEST) evening
ftp://mageia.webconquest.com/distrib/5/i586/media/core/updates_testing/ansible-1.9.6-1.mga5.noarch.rpm and this bug contains an Advisory.

Assigning to QA

CC: (none) => marja11
Assignee: bugsquad => qa-bugs

Comment 4 Herman Viaene 2016-05-04 15:50:21 CEST
MGA-32 on AcerD620 Xfce
No installation issues.
Followed procedure as indicated in Comment 1 and got at the CLI:
$ ansible -i tmp/hosts all -m ping
xxx.xxx.xxx.xxx | success >> {
    "changed": false,
    "ping": "pong"
}

CC: (none) => herman.viaene
Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 5 claire robinson 2016-05-05 17:31:55 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 claire robinson 2016-05-05 18:05:27 CEST
Advisory uploaded.

Whiteboard: has_procedure MGA5-32-OK => has_procedure advisory MGA5-32-OK

Comment 7 Mageia Robot 2016-05-05 18:27:22 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0163.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

