If you’re maintaining services on the internet, you know about the importance of keeping up to date with security patches as they come available. Today is no exception with the release of CVE-2016-0800, describing the ‘DROWN’ vulnerability in OpenSSL.
The key points of DROWN are that it can allow for passive decryption of encrypted traffic, via vulnerabilities in the obsolete SSLv2 protocol. Merely using SSLv2 for one service could cause the compromise the traffic of other services, even if they aren’t using SSLv2. More information can be found at http://www.drownattack.com/.
The Red Hat specific announcement can be found in the Red Hat Knowledgebase.
Obviously, this is a big deal, but patching your systems for DROWN doesn’t have to be a big deal, thanks to Ansible.
Here’s a sample playbook for Red Hat/Fedora/CentOS and Debian/Ubuntu systems (link to source):
- hosts: all gather_facts: true sudo: true tasks: - name: update openssl from apt if available apt: name=openssl state=latest update_cache=yes when: ansible_os_family == 'Debian' notify: restart_system - name: update openssl from yum if available yum: name=openssl state=latest update_cache=yes when: ansible_os_family == 'RedHat' notify: restart_system Continue reading
Today we are pleased to announce the release of Galaxy 2.0.1. In this release we fixed a few nagging bugs, improved the UI on the My Roles page, and took steps to make the role import process more reliable.
Here’s a rundown of the issues addressed in this release:
130 - Plural for ‘minutes ago’ is currently ‘minutess ago’
129 - When Travis notifies on a new tag, tag is not imported into Galaxy
126 - Search - make keyword search less fuzzy
123 - Edit role name changes shouldn’t result in broken links
122 - Edit role name changes should be reflected on import roles page
119 - Search on Browse Authors results in 500 error
117 - Duplication in roles list
115 - An error occurred while saving the role: value too long for type character varying(256)
114 - Link to Travis-CI not loading
113 - Move user repository refresh task to separate queue
109 - Role listed multiple (2) times
107 - My Roles not displaying all roles
105 - Users have to refresh browser cache to get new CSS
We broke records last week with over 500 people attending AnsibleFest London last week. If you were able to attend, we hope you enjoyed the event and will come again in 2017. If you couldn't attend, don't worry, we plan on 2 more events this year.
Follow Ansible on Twitter to get the latest news and details.
Deploying a Mesos Based Visual Effects Studio, Industrial Light and Magic
Continuous Deployment for an Order System, Atlassian
Ansible 2.0 and Windows, M*Modal
Ansible Accelerates Deployment at Societe Generale, Theodo
Managing Your Cisco Data Center Network with Ansible, Cisco
Immutable Infrastructure at Scale with Ansible, Beamly
View all of the presentations here.