Ansible: Privilege escalation — GLSA 201411-09

Multiple vulnerabilities has been found in Ansible which may allow local privilege escalation.

Affected packages

Package	app-admin/ansible on all architectures
Affected versions	< 1.6.8
Unaffected versions	>= 1.6.8

Background

Ansible is a radically simple IT automation platform.

Description

Multiple vulnerabilities have been discovered in Ansible. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Ansible users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/ansible-1.6.8"

References

CVE-2014-4657
CVE-2014-4678
CVE-2014-4966
CVE-2014-4967

Release date
November 23, 2014

Latest revision
November 23, 2014: 1

Severity
normal

Exploitable
local

Bugzilla entries

516564
517770