drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in Red Hat Ansible Automation Platform
Name: |
Denial of Service in Red Hat Ansible Automation Platform |
|
ID: |
RHSA-2021:3473-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Ansible Automation Platform |
|
Datum: |
Do, 9. September 2021, 07:01 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2021-33503 |
|
Applikationen: |
Red Hat Ansible Automation Platform |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Automation Platform 1.2.5 security and bugfixes update Advisory ID: RHSA-2021:3473-01 Product: Red Hat Ansible Automation Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:3473 Issue date: 2021-09-08 CVE Names: CVE-2021-33503 =====================================================================
1. Summary:
An update is now available for Red Hat Automation Platform 1.2.5.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Automation Hub 4.2 for RHEL 7 - noarch, x86_64 Red Hat Automation Hub 4.2 for RHEL 8 - noarch, x86_64
3. Description:
Red Hat Ansible Automation Platform integrates Red Hat’s automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, and use-case specific capabilities for Microsoft Windows,network, security, and more, along with Software-as-a-Service (SaaS)-based capabilities and features for organization-wide effectiveness.
Security Fix(es):
* python-urllib3: Catastrophic backtracking in URL authority parser (CVE-2021-33503)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1968074 - CVE-2021-33503 python-urllib3: ReDoS in the parsing of authority part of URL
6. Package List:
Red Hat Automation Hub 4.2 for RHEL 7:
Source: automation-hub-4.2.6-1.el7pc.src.rpm python-galaxy-ng-4.2.6-1.el7pc.src.rpm python-requests-2.25.1-1.el7pc.src.rpm python-urllib3-1.26.5-1.el7pc.src.rpm python3-click-7.1.2-3.el7pc.src.rpm
noarch: automation-hub-4.2.6-1.el7pc.noarch.rpm python3-chardet-3.0.4-3.el7pc.noarch.rpm python3-click-7.1.2-3.el7pc.noarch.rpm python3-galaxy-ng-4.2.6-1.el7pc.noarch.rpm python3-gnupg-0.4.6-3.el7pc.noarch.rpm python3-jinja2-2.11.2-3.el7pc.noarch.rpm python3-requests-2.25.1-1.el7pc.noarch.rpm python3-semantic-version-2.8.5-3.el7pc.noarch.rpm python3-urllib3-1.26.5-1.el7pc.noarch.rpm
x86_64: python3-markupsafe-1.1.1-4.el7pc.x86_64.rpm python3-markupsafe-debuginfo-1.1.1-4.el7pc.x86_64.rpm
Red Hat Automation Hub 4.2 for RHEL 8:
Source: automation-hub-4.2.6-1.el8pc.src.rpm python-galaxy-ng-4.2.6-1.el8pc.src.rpm python-requests-2.25.1-1.el8pc.src.rpm python-urllib3-1.26.5-1.el8pc.src.rpm
noarch: automation-hub-4.2.6-1.el8pc.noarch.rpm python3-click-7.1.2-3.el8pc.noarch.rpm python3-galaxy-ng-4.2.6-1.el8pc.noarch.rpm python3-gnupg-0.4.6-3.el8pc.noarch.rpm python3-jinja2-2.11.2-3.el8pc.noarch.rpm python3-requests-2.25.1-1.el8pc.noarch.rpm python3-semantic-version-2.8.5-3.el8pc.noarch.rpm python3-urllib3-1.26.5-1.el8pc.noarch.rpm
x86_64: python3-markupsafe-1.1.1-4.el8pc.x86_64.rpm python3-markupsafe-debuginfo-1.1.1-4.el8pc.x86_64.rpm python3-markupsafe-debugsource-1.1.1-4.el8pc.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-33503 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/1.2/html/red_hat_ansible_automation_platform_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYTkOENzjgjWX9erEAQgkkg/9HPbXh5Y2kqE3bD9OmEMjXc4bTTqzVXVO oDM3TQw6jNs8opP9IU5l3u9GlbPVsqVHnmRc8iN4WhWC7i2HqQV4ycu0BQq5LMrd DPzTY6I8RNjkmmTIXauPsDda0AqW+AaBm7JJGB2YMxHJ4YAO+nMo1iptmqBRStoX 4fnmX9NED4uPz3hv+fhXDai84OewX70CPxadcog3Q4+dIAuHclunBn6ErDtQgEGl 40NqbNFgDcv0MQ/gSO2H7OJQLFuTsIdk0uJxx8J0sHPLLRqdKlwdoYEox744VxZ5 RpKVTt7AEiAUuQxRLSgoTLm2wpqw/BlkjHkWLlFfs+u+hiPe6esB7nEl1MLiGC+T hr5i70BEp2MNhi0QGkY3CRsb9+e1KKtsrIO8fThypnfMGxO+qw66rA73Dosj7eRM 8bmfdYR5WQepYD0+Pmpa04IkheF3j93uqD1DLxc0TtsO5wmO2tzlrUuJyepXpiOD IQIzDxtVPZqfO8e9V563vIYXsRnaQUqID0vzG09MIutx9cOwugbRV/BI2DsSiK7V X1v/ehZz7ybXYYkLRYtg6RRGIX3hUi0Yw0ijbh18qd4XrBhzDaYDDsnBIctWOyrN gbENWxoRIlfLIRG5m+bNCh1WoviBdt9bP0YS+Jtx48GcQIDMJQpa/U3t73r9h6hc IF9mKVY3M2Y= =7nq3 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|