—
PYSEC-2017-3
Details
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / ansible
Introduced in:
0 Fixed in: ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b Fix
pip install --upgrade 'ansible>=ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b' References
- https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b [FIX]
- https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647 [FIX]
- https://bugzilla.redhat.com/show_bug.cgi?id=1243468 [REPORT]
- http://www.openwall.com/lists/oss-security/2015/08/17/10 [WEB]
- https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html [WEB]