Ansible Role cve_2024_3094

Check if your system is vulnerable due to the xz vulnerability (cve_2024_3094).

GitHub	GitLab	Downloads	Version

Example Playbook

Here is a sample playbook taken from molecule/default/converge.yml. It is tested with every update, pull request, and release.

---
- name: Converge
  hosts: all
  become: true
  gather_facts: true

  roles:
    - role: robertdebock.cve_2024_3094
      cve_2024_3094_cleanup: false

Before running this, make sure the machine is ready. In CI, this is done using molecule/default/prepare.yml:

---
- name: Prepare
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: robertdebock.bootstrap
    - role: robertdebock.openssh

For more details, check out this full explanation and example.

Role Variables

You can find default variable values in defaults/main.yml:

---
# Default values for cve_2024_3094

# Would you like to remove installed requirements after this role has run?
cve_2024_3094_cleanup: true

# List of paths to check for `sshd`.
cve_2024_3094_sshd_paths:
      - /usr/bin
      - /usr/sbin
      - /usr/local/bin
      - /usr/local/sbin

Requirements

• Install pip packages listed in requirements.txt.

Used Roles

The following roles are used to prepare the system. You may choose to prepare your system differently.

Requirement	GitHub	GitLab
robertdebock.bootstrap
robertdebock.openssh

Context

This role works with many other compatible roles. For more information, check out their documentation.

Here is a diagram of related roles:

Compatibility

This role has been tested using the following container images:

You need at least Ansible version 2.12. Tests have been conducted on:

• Previous version
• Current version
• Development version

If you encounter any problems, please report them on GitHub.

License

This project is licensed under Apache-2.0.

Author Information

Created by robertdebock.

Please consider sponsoring me.