CentOS 6.6 gmp is latest; warning still there

[Chris Short]

I just built a clean CentOS 6.6 server and have ansible installed. All packages are up to date and I'm still seeing this error:

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (i.e. yum update gmp).

I believe I have seen this discussed elsewhere but is there a solid resolution for this?

[James Cammarata]

Hi Chris, you can disable this warning in your ansible.cfg file (system_warnings=no). 

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/e0293b50-35c0-4975-9974-a8c28326e287%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Giovanni Tirloni]

On Mon, 09 Feb 2015 07:34 -0800, Chris Short <ch...@chrisshort.net>
wrote:

> I just built a clean CentOS 6.6 server and have ansible installed. All
> packages are up to date and I'm still seeing this error:
>
> [WARNING]: The version of gmp you have installed has a known issue
> regarding
> timing vulnerabilities when used with pycrypto. If possible, you should
> update
> it (i.e. yum update gmp).

Relevant discussion:

https://github.com/ansible/ansible/issues/6941
https://bugzilla.redhat.com/show_bug.cgi?id=1103566

Giovanni

[Toshio Kuratomi]

I reanalyzed the bug today and working with the EPEL maintainer,
submitted an updated python-crypto2.6 package:
https://admin.fedoraproject.org/updates/python-crypto2.6-2.6.1-2.el6

It's not ideal as it disables the C extension in order to make the
code more secure but i don't think that will be too bad for ansible's
usage. This is only used for vault and vault typically isn't doing
enough encryption and decryption for the speed difference to matter.

-toshio

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.

> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1423825255.151173.227053421.4A477370%40webmail.messagingengine.com.

[Chris Short]

Awesome! Thank you.

[Vikas Kumar]

I confirm this works on CentOS 6.3, one has to enable epel repo though.

Warning

# ansible-playbook --version

 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (i.e. yum update gmp).

ansible-playbook 1.9.2
  configured module search path = /opt/ansible/modules
#

Solution

# yum install python-crypto2.6
# ansible-playbook --version
ansible-playbook 1.9.2
  configured module search path = /usr/share/ansible:/home/ansible/venv/share/ansible:/opt/ansible/modules
#

Regards,

Vikas