UBUNTU-CVE-2016-8614

See a problem?
Source
https://ubuntu.com/security/notices/UBUNTU-CVE-2016-8614
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-8614.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-8614
Related
Published
2018-07-31T21:29:00Z
Modified
2018-07-31T21:29:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.

References

Affected packages

Ubuntu:Pro:14.04:LTS / ansible

Package

Name
ansible

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1+dfsg-1
1.3.4+dfsg-1
1.4.0+dfsg-1
1.4.1+dfsg-1
1.4.3+dfsg-1
1.4.4+dfsg-1
1.5.4+dfsg-1
1.5.4+dfsg-1ubuntu0.1~esm2

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / ansible

Package

Name
ansible

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.2+dfsg-2
1.9.4-1

2.*

2.0.0.2-2
2.0.0.2-2ubuntu1
2.0.0.2-2ubuntu1.1
2.0.0.2-2ubuntu1.2
2.0.0.2-2ubuntu1.3
2.0.0.2-2ubuntu1.3+esm1
2.0.0.2-2ubuntu1.3+esm2

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / ansible

Package

Name
ansible
Purl
pkg:deb/ubuntu/ansible@2.5.1+dfsg-1?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.1+dfsg-1

Affected versions

2.*

2.3.1.0+dfsg-2
2.5.0+dfsg-1

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "ansible": "2.5.1+dfsg-1"
        }
    ]
}