drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Red Hat Ansible Tower
| Name: |
Zwei Probleme in Red Hat Ansible Tower |
|
| ID: |
RHSA-2020:4136-01 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat Ansible Tower |
|
| Datum: |
Mi, 30. September 2020, 19:19 |
|
| Referenzen: |
https://access.redhat.com/security/cve/CVE-2020-14365
https://access.redhat.com/security/cve/CVE-2020-25626 |
|
| Applikationen: |
Red Hat Ansible Tower |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: security update - Red Hat Ansible Tower 3.7.3-1 -
RHEL7 Container
Advisory ID: RHSA-2020:4136-01
Product: Red Hat Ansible Tower
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4136
Issue date: 2020-09-30
CVE Names: CVE-2020-14365 CVE-2020-25626
=====================================================================
1. Summary:
Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container
2. Description:
* Updated to the latest version of the git-python library to no longer
cause certain jobs to fail
* Updated to the latest version of the ovirt.ovirt collection to no longer
cause connections to hang when syncing inventory from oVirt/RHV
* Added a number of optimizations to Ansible Tower's callback receiver to
improve the speed of stdout processing for simultaneous playbooks runs
* Added an optional setting to disable the auto-creation of organizations
and teams on successful SAML login
* Fixed an XSS vulnerability (CVE-2020-25626)
* Fixed a slow memory leak in the Daphne process
* Fixed Automation Analytics data gathering to no longer fail for customers
with large datasets
* Fixed scheduled jobs that run every X minute(s) or hour(s) to no longer
fail to run at the proper time
* Fixed delays in Ansible Tower's task manager when large numbers of
simultaneous jobs are scheduled
* Fixed the performance for playbooks that store large amounts of data
using the set_stats module
* Fixed the awx-manage remove_from_queue tool when used with isolated nodes
* Fixed an issue that prevented jobs from being properly marked as canceled
when Tower is backed up and then restored to another environment
3. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower
Upgrade and Migration Guide:
https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/
index.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1878635 - CVE-2020-25626 django-rest-framework: XSS Vulnerability in API viewer
5. References:
https://access.redhat.com/security/cve/CVE-2020-14365
https://access.redhat.com/security/cve/CVE-2020-25626
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX3STrNzjgjWX9erEAQjacg//aPaDOirEblGdQwQd+PZEIylBv0mfeaVE
M25xAnTJCWpzeC6C8Vd5BKzIsAihNfMjTBGQi6x7b7PrIubd/d3uKYaLsRpsaQHz
KQL8gbxuNwWid85HJLvcyh2WRjoW7GAKpvdjh3IjyjTp8c3dkERvjT+LcODE5Mt0
zjUon37FzWZdX4d1heDc3seUtTSpAjskoQ4Dy2qDWC0cyJKSFFqZxWmE/rzBt79r
4niDYCcaEfiiy4lCYqr0qObYvf1hS9sHrD5SVZQYzzfxlL3zNPONUaKwwu1yatcY
Sr/o4LdNIUWn04vjxRx6mZNpsJ5+t1Q+YhYGHNtxtE2cy30p+JxpaeJnL50s/VM7
jdQF1/NqcA9F1RKpaquwm3HMPWMvdlzynP5TN+9PdEeT6iCqIXd0Q+scMxGLlhVw
zyGU+zlACa9rrSe8DBeS0x3KayydyU7e45mKEJtUHeUYwfPw5rlV/kK05qf7CfMg
X7VU6087uU4SAnH5E6Uw8xVibjgAzuSu0GQ/clWdpfiMK85dhdIUGyqYbCOVpFKj
/fi0I9N8NAWLItO0OvuWZwjWcOGFQFYw2n+uPo/+Z3XV/oeps4A/KuBrWDnYhvg4
CVzWCpKX//iVaJNWyFwmtitzYRw4couZexR5DdIEABJ2bvydo4gWVQrXNrICLTz3
2v4EqCCyi3U=
=O51G
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|
