Test ID:	1.3.6.1.4.1.25623.1.1.10.2014.0350
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2014-0350)
Summary:	The remote host is missing an update for the 'ansible' package(s) announced via the MGASA-2014-0350 advisory.
Description:	Summary: The remote host is missing an update for the 'ansible' package(s) announced via the MGASA-2014-0350 advisory. Vulnerability Insight: Updated ansible package fixes security vulnerabilities: The Ansible platform before version 1.6.7 suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control certain playbook variables (CVE-2014-4678, CVE-2014-4966, CVE-2014-4967). The ansible package has been updated to version 1.6.8, which fixes these issues and several other bugs. Affected Software/OS: 'ansible' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4678 https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916 https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ https://security-tracker.debian.org/tracker/CVE-2014-4678 https://www.openwall.com/lists/oss-security/2014/06/26/30 https://www.openwall.com/lists/oss-security/2014/07/02/2 https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5 https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678 Common Vulnerability Exposure (CVE) ID: CVE-2014-4966 http://www.ocert.org/advisories/ocert-2014-004.html Common Vulnerability Exposure (CVE) ID: CVE-2014-4967
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.