—

PYSEC-2018-58

Details

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / ansible

Introduced in: 0 Fixed in: 2.2.1.0

Fix pip install --upgrade 'ansible>=2.2.1.0'

References

https://github.com/ansible/ansible-modules-core/pull/5388 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647 [REPORT]
https://access.redhat.com/errata/RHSA-2017:1685 [ADVISORY]
https://github.com/advisories/GHSA-x4cm-m36h-c6qj [ADVISORY]