CVE-2016-8647

NameCVE-2016-8647
DescriptionAn input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs844691

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ansible (PTS)buster, buster (security)2.7.7+dfsg-1+deb10u1fixed
bullseye2.10.7+merged+base+2.10.8+dfsg-1fixed
bookworm, sid7.0.0+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ansiblesourcejessie(not affected)
ansiblesource(unstable)2.2.0.0-4844691

Notes

[jessie] - ansible <not-affected> (Vulnerable code not present)
https://github.com/ansible/ansible-modules-core/pull/5388

Search for package or bug name: Reporting problems