Ansible patch single package
Ansible patch single package
---
- hosts: all
user: root
sudo: true
tasks:
- name: update bash with apt
apt: name=bash state=latest update_cache=yes
when: ansible_os_family == 'Debian'
- name: update bash with yum
yum: name=bash state=latest
when: ansible_os_family == 'RedHat'
- name: check bash fix
command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
register: command_result
failed_when: "'error' not in command_result.stderr"