It was found that code execution is still possible after applying commit bcceada5d9b78ad77069c78226f8e9b336ff8949 to fix CVE-2016-9587. This was fixed in ansible 2.3 by 0d418789a298561fded9bce977d34babc9097079; however, it was not backported to previous versions.
Acknowledgments: Name: Evgeni Golov (Red Hat)
notting [12:52 PM] jimi-c already pushed the fix to 2.2 git. i'd defer to @jmckerr & @thaumos on what we're going to officially release when and if it also needs thrown on 2.1. 2.3 isn't affected
Created ansible1.9 tracking bugs for this issue:
  Affects: fedora-all [bug 1441356]
  Affects: epel-all [bug 1441358]
Created ansible tracking bugs for this issue:
  Affects: fedora-all [bug 1441355]
  Affects: epel-all [bug 1441357]
This issue has been addressed in the following products:
  Red Hat OpenShift Container Platform 3.2
  Red Hat OpenShift Container Platform 3.3
  Red Hat OpenShift Container Platform 3.4
  Red Hat OpenShift Container Platform 3.5
Via RHSA-2017:1244 https://access.redhat.com/errata/RHSA-2017:1244
This issue has been addressed in the following products: Red Hat Gluster Storage 3.2 for RHEL 7 Via RHSA-2017:1334 https://access.redhat.com/errata/RHSA-2017:1334
This issue has been addressed in the following products: Red Hat OpenStack Platform 11.0 (Ocata) Via RHSA-2017:1476 https://access.redhat.com/errata/RHSA-2017:1476
This issue has been addressed in the following products: Red Hat Storage Console 2 for Red Hat Enterprise Linux 7 Via RHSA-2017:1499 https://access.redhat.com/errata/RHSA-2017:1499
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2017:1599 https://access.redhat.com/errata/RHSA-2017:1599
This issue has been addressed in the following products: RHEV Engine version 4.1 Via RHSA-2017:1685 https://access.redhat.com/errata/RHSA-2017:1685