Описание
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ansible | fixed | 2.2.0.0-1 | package | |
| ansible | not-affected | jessie | package |
Примечания
Fixed upstream in v2.2.0.0-1
https://github.com/ansible/ansible-modules-core/issues/5237
https://github.com/ansible/ansible-modules-core/pull/5353
https://github.com/ansible/ansible-modules-core/pull/5357
Связанные уязвимости
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
Ansible apt_key module does not properly verify key fingerprint
