gg7 · August 5, 2016 02:15 · rdmarsh · Feb 18, 2016
diff --git a/cve-2015-7547.yml b/cve-2015-7547.yml
 - hosts: all
  remote_user: root
  tasks:
    - name: Apt-get update
      apt: update_cache=yes cache_valid_time=3600
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

    - name: Check if libc6 is installed (apt)
      command: dpkg-query -W libc6
      register: libc6
      failed_when: libc6.rc > 1
      changed_when: False
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

    - name: Check if libc6-bin is installed (apt)
      command: dpkg-query -W libc6-bin
      register: libc6_bin
      failed_when: libc6_bin.rc > 1
      changed_when: False
      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

    - name: Update libc6 if installed (apt)
      apt: pkg=libc6 state=latest
      when: (ansible_distribution =='Debian' or ansible_distribution == 'Ubuntu') and libc6.rc == 0

    - name: Update libc6-bin if installed (apt)
      apt: pkg=libc6-bin state=latest
      when: (ansible_distribution =='Debian' or ansible_distribution == 'Ubuntu') and libc6_bin.rc == 0

    - name: Check if glibc is installed (yum)
      command: yum -q list installed glibc
      register: glibc
      failed_when: glibc.rc > 1
      changed_when: False
      when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'

    - name: Check if glibc-common is installed (yum)
      command: yum -q list installed glibc-common
      register: glibc_common
      failed_when: glibc_common.rc > 1
      changed_when: False
      when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'

    - name: Update glibc if installed (yum)
      yum: name=glibc state=latest
      when: (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and glibc.rc == 0

    - name: Update glibc-common if installed (yum)
      yum: name=glibc-common state=latest
      when: (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and glibc_common.rc == 0
	- hosts: all
	remote_user: root
	tasks:
	- name: Apt-get update
	apt: update_cache=yes cache_valid_time=3600
	when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

	- name: Check if libc6 is installed (apt)
	command: dpkg-query -W libc6
	register: libc6
	failed_when: libc6.rc > 1
	changed_when: False
	when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

	- name: Check if libc6-bin is installed (apt)
	command: dpkg-query -W libc6-bin
	register: libc6_bin
	failed_when: libc6_bin.rc > 1
	changed_when: False
	when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

	- name: Update libc6 if installed (apt)
	apt: pkg=libc6 state=latest
	when: (ansible_distribution =='Debian' or ansible_distribution == 'Ubuntu') and libc6.rc == 0

	- name: Update libc6-bin if installed (apt)
	apt: pkg=libc6-bin state=latest
	when: (ansible_distribution =='Debian' or ansible_distribution == 'Ubuntu') and libc6_bin.rc == 0

	- name: Check if glibc is installed (yum)
	command: yum -q list installed glibc
	register: glibc
	failed_when: glibc.rc > 1
	changed_when: False
	when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'

	- name: Check if glibc-common is installed (yum)
	command: yum -q list installed glibc-common
	register: glibc_common
	failed_when: glibc_common.rc > 1
	changed_when: False
	when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'

	- name: Update glibc if installed (yum)
	yum: name=glibc state=latest
	when: (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and glibc.rc == 0

	- name: Update glibc-common if installed (yum)
	yum: name=glibc-common state=latest
	when: (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and glibc_common.rc == 0