These are no longer relevant in newer base images of 12.04 and 16.04

Checking for them is generally a waste of time these days.
We also now default to applying security updates on devstacks and
we do them in production.  We may enable them everywhere in a future
release, but that will require more updates.

playbooks/roles/security/tasks/security-ubuntu.yml

@@ -57,47 +57,3 @@
   with_items:
     - unattended-upgrade --dry-run
     - unattended-upgrade
-
-#### Bash security vulnerability
-
-- name: Check if we are vulnerable
-  shell: "executable=/bin/bash chdir=/tmp foo='() { echo vulnerable; }' bash -c foo"
-  register: test_vuln
-  ignore_errors: yes
-
-- name: Apply bash security update if we are vulnerable
-  apt:
-    name: bash
-    state: latest
-    update_cache: yes
-  when: "'vulnerable' in test_vuln.stdout"
-
-- name: Check again and fail if we are still vulnerable
-  shell: "executable=/bin/bash foo='() { echo vulnerable; }' bash -c foo"
-  when: "'vulnerable' in test_vuln.stdout"
-  register: test_vuln
-  failed_when: "'vulnerable' in test_vuln.stdout"
-
-#### GHOST security vulnerability
-
-- name: GHOST.c
-  copy:
-    src: "tmp/GHOST.c"
-    dest: "/tmp/GHOST.c"
-    owner: root
-    group: root
-
-- name: Compile GHOST
-  shell: "gcc -o /tmp/GHOST /tmp/GHOST.c"
-
-- name: Check if we are vulnerable
-  shell: "/tmp/GHOST"
-  register: test_ghost_vuln
-  ignore_errors: yes
-
-- name: Apply glibc security update if we are vulnerable
-  apt:
-    name: libc6
-    state: latest
-    update_cache: yes
-  when: "'vulnerable' in test_ghost_vuln.stdout"