Multiple issues in Red Hat Ansible Tower
ID: RHSA-2021:0778-01
Distribution: Red Hat
Platforms: Red Hat Ansible Tower
Date: Wed, 10 March 2021, 07:10
References:
https://access.redhat.com/security/cve/CVE-2019-17006
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2020-12243
https://access.redhat.com/security/cve/CVE-2021-20228
https://access.redhat.com/security/cve/CVE-2019-12749
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2021-20253
https://access.redhat.com/security/cve/CVE-2020-12402
https://access.redhat.com/security/cve/CVE-2019-11727
https://access.redhat.com/security/cve/CVE-2021-20178
https://access.redhat.com/security/cve/CVE-2020-12723
https://access.redhat.com/security/cve/CVE-2020-12401
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2019-20372
https://access.redhat.com/security/cve/CVE-2019-11719
https://access.redhat.com/security/cve/CVE-2019-17023
https://access.redhat.com/security/cve/CVE-2020-6829
https://access.redhat.com/security/cve/CVE-2020-35678
https://access.redhat.com/security/cve/CVE-2019-17498
https://access.redhat.com/security/cve/CVE-2020-12400
https://access.redhat.com/security/cve/CVE-2020-10878
https://access.redhat.com/security/cve/CVE-2019-11756
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2020-11022
https://access.redhat.com/security/cve/CVE-2020-10543
https://access.redhat.com/security/cve/CVE-2020-11023
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2021-20191
https://access.redhat.com/security/cve/CVE-2020-12403
https://access.redhat.com/security/cve/CVE-2021-20180
https://access.redhat.com/security/cve/CVE-2016-5766
Applications: Red Hat Ansible Tower

Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Ansible Tower 3.6.7-1 - Container security and bug fix update
Advisory ID:       RHSA-2021:0778-01
Product:           Red Hat Ansible Tower
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0778
Issue date:        2021-03-09
CVE Names:         CVE-2016-5766 CVE-2018-20843 CVE-2019-11719
                   CVE-2019-11727 CVE-2019-11756 CVE-2019-12749
                   CVE-2019-14866 CVE-2019-15903 CVE-2019-17006
                   CVE-2019-17023 CVE-2019-17498 CVE-2019-19956
                   CVE-2019-20372 CVE-2019-20388 CVE-2019-20907
                   CVE-2020-1971 CVE-2020-6829 CVE-2020-7595
                   CVE-2020-8177 CVE-2020-10543 CVE-2020-10878
                   CVE-2020-11022 CVE-2020-11023 CVE-2020-12243
                   CVE-2020-12400 CVE-2020-12401 CVE-2020-12402
                   CVE-2020-12403 CVE-2020-12723 CVE-2020-35678
                   CVE-2021-20178 CVE-2021-20180 CVE-2021-20191
                   CVE-2021-20228 CVE-2021-20253
=====================================================================

1. Summary:

Red Hat Ansible Tower 3.6.7-1 - RHEL7 Container

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* Addressed a security issue which can allow a malicious playbook author to
elevate to the awx user from outside the isolated environment:
CVE-2021-20253
* Upgraded to a more recent version of nginx to address CVE-2019-20372
* Upgraded to a more recent version of autobahn to address CVE-2020-35678
* Upgraded to a more recent version of jquery to address CVE-2020-11022 and
CVE-2020-11023

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower
Upgrade and Migration Guide:
https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
1850004 - CVE-2020-11023 jquery: Passing HTML containing