Candidate: CVE-2016-8614
PublicDate: 2018-07-31 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8614
 https://github.com/ansible/ansible-modules-core/issues/5237
 https://github.com/ansible/ansible-modules-core/pull/5353
 https://github.com/ansible/ansible-modules-core/pull/5357
Description:
 A flaw was found in Ansible before version 2.2.0. The apt_key module does
 not properly verify key fingerprints, allowing a remote adversary to create
 an OpenPGP key which matches the short key ID and inject this key instead
 of the correct key.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Robin Schneider
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_ansible:
upstream_ansible: released (2.2.0.0-1)
precise_ansible: DNE
precise/esm_ansible: DNE
trusty_ansible: ignored (out of standard support)
trusty/esm_ansible: needed
vivid/stable-phone-overlay_ansible: DNE
vivid/ubuntu-core_ansible: DNE
xenial_ansible: ignored (end of standard support, was needed)
yakkety_ansible: ignored (reached end-of-life)
zesty_ansible: ignored (reached end-of-life)
artful_ansible: ignored (reached end-of-life)
bionic_ansible: not-affected (2.5.1+dfsg-1)
cosmic_ansible: not-affected (2.6.1+dfsg-1)
disco_ansible: not-affected (2.6.1+dfsg-1)
eoan_ansible: not-affected (2.6.1+dfsg-1)
focal_ansible: not-affected (2.6.1+dfsg-1)
groovy_ansible: not-affected (2.6.1+dfsg-1)
hirsute_ansible: not-affected (2.6.1+dfsg-1)
impish_ansible: not-affected (2.6.1+dfsg-1)
jammy_ansible: not-affected (2.6.1+dfsg-1)
devel_ansible: not-affected (2.6.1+dfsg-1)