Hi all,
Ansible 2.5.11 and 2.6.7 were released today. These releases fix only the reported security vulnerability CVE-2018-16837 (https://nvd.nist.gov/vuln/detail/CVE-2018-16837).
The fix protects the user module from potentially disclosing the passphrase used for ssh-keygen when generating a new user key.
The new releases are available via the usual installation methods on PyPI, https://releases.ansible.com/ansible/, and on GitHub. Detailed installation instructions are available at https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html.
Future 2.6 series releases will occur every few weeks. 2.5 will only receive security updates going forward.
Release tarball SHAs from releases.ansible.com:
- 2.6.7 SHA256: 003ae1df874cd3a2c12454dd8f073cecc03b8a10508d898367a3f134139fea82
- 2.5.11 SHA256: 44544a9e8b9c9b1ab8168a53a8131aec05636ef8fe2688732a6a0935e87c301f
Happy automating!
Matt Davis (@nitzmahone)
Ansible Core Engineering