RedHat has issued an advisory on October 19:
https://access.redhat.com/errata/RHSA-2017:2966

Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
CC: (none) => marja11
Updates made and pushed for all versions.
Status: NEW => ASSIGNED
Thanks Bruno!

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=19740#c7

Advisory:
========================

Updated ansible package fixes security vulnerability:

A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. A remote attacker could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation (CVE-2017-7550).

The ansible package has been updated to version 2.4.1 to fix this issue and several other bugs.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7550
https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md
https://access.redhat.com/errata/RHSA-2017:2966
========================

Updated packages in core/updates_testing:
========================
ansible-2.4.1.0-1.1.mga5
ansible-2.4.1.0-1.1.mga6

from SRPMS:
ansible-2.4.1.0-1.1.mga5.src.rpm
ansible-2.4.1.0-1.1.mga6.src.rpm

Assignee: bruno => qa-bugs
CC: (none) => bruno
Version: Cauldron => 6
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Keywords: (none) => has_procedure
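
The advisory above notes that the fix stops passwords from being passed in the jenkins_plugin "params" argument. As an added example, not part of this bug report or of Ansible's code, the following Python check walks parsed playbook data and reports jenkins_plugin tasks that still do so; the key-name heuristic and the sample playbook are assumptions of the example.

```python
# Added example: audit parsed playbook data (the structure yaml.safe_load
# returns) for jenkins_plugin tasks that put credentials inside "params".
SECRET_HINTS = ("password", "passwd", "token", "secret")  # heuristic, an assumption
TASK_LISTS = ("pre_tasks", "tasks", "post_tasks", "handlers")
NESTED = ("block", "rescue", "always")

def iter_tasks(tasks):
    """Yield every task dict, descending into block/rescue/always."""
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        nested = [k for k in NESTED if k in task]
        for key in nested:
            yield from iter_tasks(task[key])
        if not nested:
            yield task

def audit_playbook(plays):
    """Return (task name, offending params key) for each finding."""
    findings = []
    for play in plays:
        for section in TASK_LISTS:
            for task in iter_tasks(play.get(section)):
                args = task.get("jenkins_plugin")
                params = args.get("params") if isinstance(args, dict) else None
                if not isinstance(params, dict):
                    continue
                for key in sorted(params, key=str):
                    if any(h in str(key).lower() for h in SECRET_HINTS):
                        findings.append((task.get("name", "<unnamed>"), key))
    return findings

# Constructed sample, shaped like a parsed playbook; names and values are made up.
SAMPLE = [{"hosts": "jenkins", "tasks": [
    {"name": "bad: password inside params",
     "jenkins_plugin": {"name": "git", "params": {
         "url_username": "admin", "url_password": "{{ jenkins_pw }}"}}},
    {"name": "ok: password as its own option",
     "jenkins_plugin": {"name": "git", "url_username": "admin",
                        "url_password": "{{ jenkins_pw }}"}},
    {"block": [{"name": "bad: nested in a block",
                "jenkins_plugin": {"name": "git", "params": {
                    "url_password": "{{ jenkins_pw }}"}}}]},
]}]

if __name__ == "__main__":
    for name, key in audit_playbook(SAMPLE):
        print(f"{name}: move '{key}' out of params")
```

Only the dictionary form of the module arguments is inspected; tasks written as a free-form key=value string are not covered by this check.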
Mageia 6 on x86_64.

Created a /tmp/hosts file containing the IP addresses of two machines on the LAN.
Used the ansible ping command successfully - see reference in comment 2.
Updated ansible.

$ ansible -i /tmp/hosts all -m ping
192.168.1.3 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
192.168.1.161 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}

If this is all that is required then ansible is OK.
CC: (none) => tarazed25
Whiteboard: MGA5TOO => MGA5TOO MGA6-64-OK
Mageia 6 on i586 in virtualbox

Installed ansible and updated it.
Created new public RSA key and copied it to two hosts on the network.

$ cat .ssh/id_rsa.pub | ssh lcl@belexeuli 'cat >> .ssh/authorized_keys'
$ cat .ssh/id_rsa.pub | ssh lcl@hamal 'cat >> .ssh/authorized_keys'
Password:...........

Then ran the ansible test command.

$ ansible -i /tmp/hosts all -m ping
192.168.1.156 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
192.168.1.161 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}

OK for 32-bits.
Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO MGA6-64-OK MGA6-32-OK
Mageia 5 on x86_64

$ sudo urpmi ansible
To satisfy dependencies, the following packages are going to be installed:
  Package                Version      Release       Arch
(medium "Core Release (distrib1)")
  python-babel           1.3          8.mga5        noarch
  python-ecdsa           0.11         5.mga5        noarch
  python-jinja2          2.7.3        4.mga5        noarch
  python-keyczar         0.71c        5.mga5        noarch
  python-markupsafe      0.23         6.mga5        x86_64
  python-pytz            2014.7       4.mga5        noarch
  python-yaml            3.10         10.mga5       x86_64
(medium "Core Updates (distrib3)")
  ansible                2.3.1.0      2.mga5        noarch
  python-paramiko        1.15.2       1.1.mga5      noarch
  python-pyasn1          0.1.8        1.mga5        noarch
  python-pycrypto        2.6.1        6.1.mga5      x86_64

Generated a new RSA keypair, copied the public keys to two other hosts on the network and tested ansible.

Updated the package:
- ansible-2.4.1.0-1.1.mga5.noarch
- python-cffi-1.1.2-1.mga5.x86_64
- python-cryptography-1.0.2-1.1.mga5.x86_64
- python-enum34-1.0.4-1.mga5.noarch
- python-idna-2.0-1.mga5.noarch
- python-ipaddress-1.0.15-1.mga5.noarch
- python-ply-3.4-9.mga5.noarch
- python-pycparser-2.10-7.mga5.noarch
- python-six-1.7.3-4.mga5.noarch

$ ansible -i ~/tmp/hosts all -m ping
192.168.1.156 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
192.168.1.161 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}

OK for 64-bits.
Whiteboard: MGA5TOO MGA6-64-OK MGA6-32-OK => MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2017-0399.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED