-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2.7: user: do not pass ssh_key_passphrase on cmdline #47445
Conversation
Hi @mkrizek, thank you for submitting this pull-request! |
The test
The test
|
CVE-2018-16837 Co-authored-by: Toshio Kuratomi <a.badger@gmail.com> (cherry picked from commit a0aa53d)
(cherry picked from commit 8d00afc)
c856348
to
2454f65
Compare
(cherry picked from commit 9088671)
(cherry picked from commit 210a43e)
Merged for the 2.7.1 release. @mattclay @nitzmahone, you'll probably want to cherry-pick from this PR for the stable-2.6 and stable-2.5 branches as it consolidates the fix and all of the follow on commits. |
* user: do not pass ssh_key_passphrase on cmdline CVE-2018-16837 Co-authored-by: Toshio Kuratomi <a.badger@gmail.com> (cherry picked from commit a0aa53d) * Ignore user module use of subprocess. (cherry picked from commit 8d00afc) * Fix python3 problem in user module cve fix (cherry picked from commit 9088671) * Fix changelog entry for user module CVE fix (cherry picked from commit 210a43e) (cherry picked from commit b618339)
SUMMARY
CVE-2018-16837
Co-authored-by: Toshio Kuratomi a.badger@gmail.com
(cherry picked from commit a0aa53d)
Backport of #47436
ISSUE TYPE
COMPONENT NAME
user
ANSIBLE VERSION
ADDITIONAL INFORMATION