{"id":"MGASA-2017-0164","summary":"Updated ansible packages fix security vulnerability","details":"It was found that apt_key module does not properly verify key\nfingerprints, allowing remote adversary to create an OpenPGP key which\nmatches the short key ID and inject this key instead of the correct key\n(CVE-2016-8614).\n\nIt is reported that in Ansible, under some circumstances the mysql_user\nmodule may fail to correctly change a password. Thus an old password\nmay still be active when it should have been changed (CVE-2016-8647).\n\nData for lookup plugins used as variables was not being correctly\nmarked as \"unsafe\" (CVE-2017-7481).\n\nThe ansible package has been updated to version 2.3.1 to fix these\nissues and several other bugs.\n","modified":"2026-02-04T03:20:02.200509Z","published":"2017-06-10T07:01:18Z","related":["CVE-2016-8614","CVE-2016-8647","CVE-2017-7481"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0164.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19740"},{"type":"REPORT","url":"https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BTRG5RQTE7EPZLVJR7WCHPV2O3LCCEJ5/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WJGWOHRWU3FB2DF3V6NNS4GGBWKSOWYA/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UQMRFYTFTPAGI22UEXIEZH4U4BOTGVWH"}],"affected":[{"package":{"name":"ansible","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/ansible?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.1.0-2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0164.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}