drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Red Hat Ansible Tower
Name: |
Mehrere Probleme in Red Hat Ansible Tower |
|
ID: |
RHSA-2021:0779-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Ansible Tower |
|
Datum: |
Mi, 10. März 2021, 07:12 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2020-12723
https://access.redhat.com/security/cve/CVE-2020-10878
https://access.redhat.com/security/cve/CVE-2019-20372
https://access.redhat.com/security/cve/CVE-2021-20191
https://access.redhat.com/security/cve/CVE-2021-20178
https://access.redhat.com/security/cve/CVE-2021-20228
https://access.redhat.com/security/cve/CVE-2021-20253
https://access.redhat.com/security/cve/CVE-2020-10543
https://access.redhat.com/security/cve/CVE-2020-35678
https://access.redhat.com/security/cve/CVE-2021-20180 |
|
Applikationen: |
Red Hat Ansible Tower |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat Ansible Tower 3.7.5-1 - Container security and bug fix update Advisory ID: RHSA-2021:0779-01 Product: Red Hat Ansible Tower Advisory URL: https://access.redhat.com/errata/RHSA-2021:0779 Issue date: 2021-03-09 CVE Names: CVE-2019-20372 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 CVE-2020-35678 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 CVE-2021-20228 CVE-2021-20253 =====================================================================
1. Summary:
Red Hat Ansible Tower 3.7.5-1 - RHEL7 Container
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Description:
Security Fix(es):
* Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of autobahn to address CVE-2020-35678. * Upgraded to a more recent version of nginx to address CVE-2019-20372.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches. * Improved analytics collection to collect the playbook status for all hosts in a playbook run
3. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape
5. References:
https://access.redhat.com/security/cve/CVE-2019-20372 https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/cve/CVE-2020-35678 https://access.redhat.com/security/cve/CVE-2021-20178 https://access.redhat.com/security/cve/CVE-2021-20180 https://access.redhat.com/security/cve/CVE-2021-20191 https://access.redhat.com/security/cve/CVE-2021-20228 https://access.redhat.com/security/cve/CVE-2021-20253 https://access.redhat.com/security/updates/classification/#important
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYEeZ8tzjgjWX9erEAQj0TA/9Fx0BBmEfw4RU2SpqT9XRlHx3azelKZjL V4jVeQVG5v19MqlH1MdIG+g5bcRQFf96py45ld3yZKShwLc+VcPdgvEZ9jZpbSnl ccl7Q83Gb22AvIQn8UyGzXJ1PQ2EwIzUM24N/OF+VeG11pUaDS90Snsn0BODAgdN I5J/0qn5VOaZhMIQKmwySi+E4oIfHvjRbcu67HB20/JPEizs9/enkcgQRFkr0s77 OoBbj82Q4L/ZmT01oVHdjuSk/tYJy8t1lx9MMgmLE/7hZ6Jei0ut0C/Wl9Oj92jX HaZ1Kpjdq77KEnIJM4YZwW/ib7XxM5GQbqpHeBYMCKbw+1qJli2q8ucQWLNnT6ZR 0U7tBFxRGFYj6hnwGbk+6gart7OD7JZorMTfLQaMhdin3AGsFG46IPyYSugTlQgB ZQkl4my4t3MYuk7/al+s2zrDejx/K1X+mBu8Kjx4sOxV9tsKH/hEh7lbr0s2c2eJ rCkSIQlEKOyc3mUyG4xE8WtFTM+w1BshtuTJjgWxpkRksuaUYixxQDbyDo23//Jq IimdvGuh9cZ4yJFGHyehbW0MbF64yJMmerZpMZhnK2xgZ6idwmeIeAjTd6gcVx7N JbIXgBGeOsCUqokZr0cp4yKY2mhw1J+Qhb9VWC8Rei3UnWNz37gtwCIm88hUmgMj C5QiPiaBTJE= =xpAP -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|