It was found that apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
Created ansible1.9 tracking bugs for this issue:
Affects: fedora-all [bug 1390651]
Affects: epel-all [bug 1390653]
Created ansible tracking bugs for this issue:
Affects: fedora-all [bug 1390650]
Affects: epel-all [bug 1390652]
This issue is addressed in Ansible 2.2.0 available at: