Bug 1396174 - (CVE-2016-8647) CVE-2016-8647 Ansible: in some circumstances the mysql_user module may fail to correctly change a password
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20161026,reported=2...
: Reopened, Security
Depends On: 1396175 1396176 1447506 1470145
Blocks: 1396212 1396214 1396334 1456591
Reported: 2016-11-17 11:48 EST by Kurt Seifried
Modified: 2018-06-29 18:15 EDT

Doc Text:
An input validation vulnerability was found in Ansible's mysql_user module which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
Last Closed: 2017-06-01 16:33:50 EDT
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:1685 normal SHIPPED_LIVE Important: ansible security, bug fix, and enhancement update 2017-07-06 07:23:28 EDT

Description Kurt Seifried 2016-11-17 11:48:48 EST
It is reported that in Ansible, under some circumstances the mysql_user module may fail to correctly change a password. Thus an old password may still be active when it should have been changed.

External References:
https://github.com/ansible/ansible-modules-core/pull/5388
Comment 1 Kurt Seifried 2016-11-17 11:50:09 EST
Created ansible tracking bugs for this issue:

Affects: fedora-all [bug 1396175]
Comment 2 Kurt Seifried 2016-11-17 11:50:43 EST
Created ansible tracking bugs for this issue:

Affects: epel-all [bug 1396176]
Comment 4 Kevin Fenzi 2017-06-01 16:33:50 EDT
This was actually fixed in ansible-2.2.1.0 which was pushed a while back. ;(
Comment 5 Adam Mariš 2017-06-02 02:14:03 EDT
(In reply to Kevin Fenzi from comment #4)
> This was actually fixed in ansible-2.2.1.0 which was pushed a while back. ;(

Please, don't close the bug next time, we still have open trackers for this one. Thanks!
Comment 6 Kevin Fenzi 2017-06-02 12:21:15 EDT
Oops. Very sorry about that...
Comment 7 errata-xmlrpc 2017-07-06 03:28:26 EDT
This issue has been addressed in the following products:

  RHEV Engine version 4.1

Via RHSA-2017:1685 https://access.redhat.com/errata/RHSA-2017:1685
