dz0ny/util-bash-vuln-upgrade-v3.yml

## util-bash-vuln-upgrade-v3.yml
---
- hosts: all
  gather_facts: false
  name: CVE-2014-6271 bash vulnerability fix

  tasks:
    - name: check bash fix
      command: env ls='() { echo vulnerable; }' bash -c ls
      register: command_result
      changed_when: False
      failed_when: False

    - name: update apt cache and upgrade bash
      apt: update_cache=yes name=bash state=latest cache_valid_time=7200
      when: "'error' not in command_result.stderr"
      register: apt_update

    - name: fix libs
      command: /sbin/ldconfig
      when: apt_update|changed

    - name: check bash fix
      command: env ls='() { echo vulnerable; }' bash -c ls
      register: command_result
      failed_when: "'error' not in command_result.stderr"
      changed_when: False
	---
	- hosts: all
	gather_facts: false
	name: CVE-2014-6271 bash vulnerability fix

	tasks:
	- name: check bash fix
	command: env ls='() { echo vulnerable; }' bash -c ls
	register: command_result
	changed_when: False
	failed_when: False

	- name: update apt cache and upgrade bash
	apt: update_cache=yes name=bash state=latest cache_valid_time=7200
	when: "'error' not in command_result.stderr"
	register: apt_update

	- name: fix libs
	command: /sbin/ldconfig
	when: apt_update\|changed

	- name: check bash fix
	command: env ls='() { echo vulnerable; }' bash -c ls
	register: command_result
	failed_when: "'error' not in command_result.stderr"
	changed_when: False