Mehrere Probleme in Ansible Tower
ID: | RHSA-2018:3505-01 |
Distribution: | Red Hat |
Plattformen: | Red Hat Ansible Tower |
Datum: | Mi, 7. November 2018, 07:37 |
Referenzen: | https://access.redhat.com/security/cve/CVE-2018-0737
https://access.redhat.com/security/cve/CVE-2018-14679 https://access.redhat.com/security/cve/CVE-2016-9396 https://access.redhat.com/security/cve/CVE-2018-17456 https://access.redhat.com/security/cve/CVE-2018-14680 https://access.redhat.com/security/cve/CVE-2017-18267 https://access.redhat.com/security/cve/CVE-2018-1000805 https://access.redhat.com/security/cve/CVE-2017-1000050 https://access.redhat.com/security/cve/CVE-2018-10733 https://access.redhat.com/security/cve/CVE-2018-1060 https://access.redhat.com/security/cve/CVE-2017-3735 https://access.redhat.com/security/cve/CVE-2018-10768 https://access.redhat.com/security/cve/CVE-2018-1061 https://access.redhat.com/security/cve/CVE-2018-0732 https://access.redhat.com/security/cve/CVE-2018-0495 https://access.redhat.com/security/cve/CVE-2018-10845 https://access.redhat.com/security/cve/CVE-2018-14682 https://access.redhat.com/security/cve/CVE-2018-12384 https://access.redhat.com/security/cve/CVE-2018-14681 https://access.redhat.com/security/cve/CVE-2018-12910 https://access.redhat.com/security/cve/CVE-2018-10844 https://access.redhat.com/security/cve/CVE-2018-10767 https://access.redhat.com/security/cve/CVE-2015-9262 https://access.redhat.com/security/cve/CVE-2018-0739 https://access.redhat.com/security/cve/CVE-2018-10846 https://access.redhat.com/security/cve/CVE-2018-13988 https://access.redhat.com/security/cve/CVE-2018-16837 |
Applikationen: | Ansible Tower |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image Advisory ID: RHSA-2018:3505-01 Product: Red Hat Ansible Tower Advisory URL: https://access.redhat.com/errata/RHSA-2018:3505 Issue date: 2018-11-06 CVE Names: CVE-2015-9262 CVE-2016-9396 CVE-2017-3735 CVE-2017-18267 CVE-2017-1000050 CVE-2018-0495 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 CVE-2018-1060 CVE-2018-1061 CVE-2018-10733 CVE-2018-10767 CVE-2018-10768 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 CVE-2018-12384 CVE-2018-12910 CVE-2018-13988 CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-16837 CVE-2018-17456 CVE-2018-1000805 ===================================================================== 1. Summary: Security Advisory 2. Description: Red Hat Ansible Tower 3.3.1 is now available and contains the following bug fixes: - - Fixed event callback error when in-line vaulted variables are used with ``include_vars`` - - Fixed HSTS and X-Frame-Options to properly be set in nginx configuration - - Fixed isolated node setup to no longer fail when ``ansible_host`` is used - - Fixed selection of custom virtual environments in job template creation - - Fixed websockets for job details to properly work - - Fixed the ``/api/v2/authtoken`` compatibility shim - - Fixed page size selection on the jobs screen - - Fixed instances in an instance group to properly be disabled in the user interface - - Fixed the job template selection in workflow creation to properly render - - Fixed ``member_attr`` to properly set on some LDAP configurations during upgrade, preventing login - - Fixed ``PosixUIDGroupType`` LDAP configurations - - Improved the RAM requirement in the installer preflight check - - Updated Tower to properly report an error when relaunch was used on a set of failed hosts that is too large - - Updated sosreport configuration to gather more python environment, nginx, and supervisor configuration - - Fixed display of extra_vars for scheduled jobs 3. Solution: The Ansible Tower Upgrade and Migration Guide is available at: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. References: https://access.redhat.com/security/cve/CVE-2015-9262 https://access.redhat.com/security/cve/CVE-2016-9396 https://access.redhat.com/security/cve/CVE-2017-3735 https://access.redhat.com/security/cve/CVE-2017-18267 https://access.redhat.com/security/cve/CVE-2017-1000050 https://access.redhat.com/security/cve/CVE-2018-0495 https://access.redhat.com/security/cve/CVE-2018-0732 https://access.redhat.com/security/cve/CVE-2018-0737 https://access.redhat.com/security/cve/CVE-2018-0739 https://access.redhat.com/security/cve/CVE-2018-1060 https://access.redhat.com/security/cve/CVE-2018-1061 https://access.redhat.com/security/cve/CVE-2018-10733 https://access.redhat.com/security/cve/CVE-2018-10767 https://access.redhat.com/security/cve/CVE-2018-10768 https://access.redhat.com/security/cve/CVE-2018-10844 https://access.redhat.com/security/cve/CVE-2018-10845 https://access.redhat.com/security/cve/CVE-2018-10846 https://access.redhat.com/security/cve/CVE-2018-12384 https://access.redhat.com/security/cve/CVE-2018-12910 https://access.redhat.com/security/cve/CVE-2018-13988 https://access.redhat.com/security/cve/CVE-2018-14679 https://access.redhat.com/security/cve/CVE-2018-14680 https://access.redhat.com/security/cve/CVE-2018-14681 https://access.redhat.com/security/cve/CVE-2018-14682 https://access.redhat.com/security/cve/CVE-2018-16837 https://access.redhat.com/security/cve/CVE-2018-17456 https://access.redhat.com/security/cve/CVE-2018-1000805 https://access.redhat.com/security/updates/classification/#critical RHSA-2018:3347 5. Contact: The Red Hat security contact is |