CVE-2016-3096

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 1.9.6-1 Ansible versions 2.x prior to 2.0.2.0

Description The issue allows local users to write to arbitrary files or gain privileges via a symlink attack on several files and directories, including /opt/.lxc-attach-script, the archived container in the archive path directory, or the lxc-attach-script.log or lxc-attach-script.err files in the temporary directory. This is due to a flaw in the create script function within the lxc container module.

Recommendations For Ansible versions prior to 1.9.6-1, update to version 1.9.6-1 or later. For Ansible versions 2.x prior to 2.0.2.0, update to version 2.0.2.0 or later. As a temporary workaround, consider restricting access to the create script function in the lxc container module until a patch is applied.