What Are You Looking For?

Sign Up
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image
Advisory ID:       RHSA-2018:3505-01
Product:           Red Hat Ansible Tower
Advisory URL:      Issue date:        2018-11-06
CVE Names:         CVE-2015-9262 CVE-2016-9396 CVE-2017-3735 
                   CVE-2017-18267 CVE-2017-1000050 CVE-2018-0495 
                   CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 
                   CVE-2018-1060 CVE-2018-1061 CVE-2018-10733 
                   CVE-2018-10767 CVE-2018-10768 CVE-2018-10844 
                   CVE-2018-10845 CVE-2018-10846 CVE-2018-12384 
                   CVE-2018-12910 CVE-2018-13988 CVE-2018-14679 
                   CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 
                   CVE-2018-16837 CVE-2018-17456 CVE-2018-1000805 
====================================================================
1. Summary:

Security Advisory

2. Description:

Red Hat Ansible Tower 3.3.1 is now available and contains the following bug
fixes:

- - Fixed event callback error when in-line vaulted variables are used with
``include_vars``
- - Fixed HSTS and X-Frame-Options to properly be set in nginx configuration
- - Fixed isolated node setup to no longer fail when ``ansible_host`` is used
- - Fixed selection of custom virtual environments in job template creation  
- - Fixed websockets for job details to properly work
- - Fixed the ``/api/v2/authtoken`` compatibility shim
- - Fixed page size selection on the jobs screen
- - Fixed instances in an instance group to properly be disabled in the user
interface
- - Fixed the job template selection in workflow creation to properly render
- - Fixed ``member_attr`` to properly set on some LDAP configurations during
upgrade, preventing login
- - Fixed ``PosixUIDGroupType`` LDAP configurations
- - Improved the RAM requirement in the installer preflight check
- - Updated Tower to properly report an error when relaunch was used on a set
of failed hosts that is too large
- - Updated sosreport configuration to gather more python environment, nginx,
and supervisor configuration
- - Fixed display of extra_vars for scheduled jobs

3. Solution:

The Ansible Tower Upgrade and Migration Guide is available at:
https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/
index.html

4. References:

https://access.redhat.com/security/cve/CVE-2015-9262
https://access.redhat.com/security/cve/CVE-2016-9396
https://access.redhat.com/security/cve/CVE-2017-3735
https://access.redhat.com/security/cve/CVE-2017-18267
https://access.redhat.com/security/cve/CVE-2017-1000050
https://access.redhat.com/security/cve/CVE-2018-0495
https://access.redhat.com/security/cve/CVE-2018-0732
https://access.redhat.com/security/cve/CVE-2018-0737
https://access.redhat.com/security/cve/CVE-2018-0739
https://access.redhat.com/security/cve/CVE-2018-1060
https://access.redhat.com/security/cve/CVE-2018-1061
https://access.redhat.com/security/cve/CVE-2018-10733
https://access.redhat.com/security/cve/CVE-2018-10767
https://access.redhat.com/security/cve/CVE-2018-10768
https://access.redhat.com/security/cve/CVE-2018-10844
https://access.redhat.com/security/cve/CVE-2018-10845
https://access.redhat.com/security/cve/CVE-2018-10846
https://access.redhat.com/security/cve/CVE-2018-12384
https://access.redhat.com/security/cve/CVE-2018-12910
https://access.redhat.com/security/cve/CVE-2018-13988
https://access.redhat.com/security/cve/CVE-2018-14679
https://access.redhat.com/security/cve/CVE-2018-14680
https://access.redhat.com/security/cve/CVE-2018-14681
https://access.redhat.com/security/cve/CVE-2018-14682
https://access.redhat.com/security/cve/CVE-2018-16837
https://access.redhat.com/security/cve/CVE-2018-17456
https://access.redhat.com/security/cve/CVE-2018-1000805
https://access.redhat.com/security/updates/classification/#critical
RHSA-2018:3347

5. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW+G3u9zjgjWX9erEAQgAUhAAqRxiXQ+HEeMacLOOXiNtHZ91AdCbtZIX
O1xI1WdLJH9kEEgk526iQIfbom/1bxb2dRT5RJEbsNV0FdXBd6R259BGWLETt5TI
6sSIFhIpm0c2Gij0rDFTkc4MvUctC2PEqN55NaWGEyPJmOKS3kl4l7w39fYOfaXJ
VeyMrtB8XvqwuF3niMInoUjdQZGDQNFHrK5+zVl7rPy5GiecQLbL2Vnkw40Vh7jo
b6vsiZo/T5KNE31L4Iz7yhgdY04KHdhHC5+Ro6CWPjdrINCyn5zYiq53RwaO0QGW
eMsgsqLZMcg3wcuufsVshwiiLrCvkndNsF6QvxJiNwtejCnbyQURk/Nk5a8qar3n
B9A1QYhn48PGqRSVkWjP1UwN1Jrkm5h7iZfcUh8unKQ7TAXY3uyEZFqAmUYr9kA6
1KkhHpis7FsYO2ss/oU/fUolvEJ/h66CbnQbdNafVtPESkGAFfTPUdLB5g2GWJr5
Iz6k21HIsDbyU6mFpC54KGl+YGPpbc1dmrlZkrf3SPeLtUrNVfdBRn0TiUU0b5rF
9QIHJnbrdyYFT4UpElZpB6ef1aoTM3lNy4UyXV+y2MfyVkey3z4ODjRiBNG6EN6o
n40beq2ygg78+xAR4opzuuDoBsF03RkDDGzx+t4bMC0K1M7263qX0jRpS75YqQPb
XQt29l/WyEU=irbz
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2018-3505:01 Critical: Red Hat Ansible Tower 3.3.1-2 Release -

Security Advisory 2

Summary

Red Hat Ansible Tower 3.3.1 is now available and contains the following bug fixes:
- - Fixed event callback error when in-line vaulted variables are used with ``include_vars`` - - Fixed HSTS and X-Frame-Options to properly be set in nginx configuration - - Fixed isolated node setup to no longer fail when ``ansible_host`` is used - - Fixed selection of custom virtual environments in job template creation - - Fixed websockets for job details to properly work - - Fixed the ``/api/v2/authtoken`` compatibility shim - - Fixed page size selection on the jobs screen - - Fixed instances in an instance group to properly be disabled in the user interface - - Fixed the job template selection in workflow creation to properly render - - Fixed ``member_attr`` to properly set on some LDAP configurations during upgrade, preventing login - - Fixed ``PosixUIDGroupType`` LDAP configurations - - Improved the RAM requirement in the installer preflight check - - Updated Tower to properly report an error when relaunch was used on a set of failed hosts that is too large - - Updated sosreport configuration to gather more python environment, nginx, and supervisor configuration - - Fixed display of extra_vars for scheduled jobs



Summary


Solution

The Ansible Tower Upgrade and Migration Guide is available at: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

References

https://access.redhat.com/security/cve/CVE-2015-9262 https://access.redhat.com/security/cve/CVE-2016-9396 https://access.redhat.com/security/cve/CVE-2017-3735 https://access.redhat.com/security/cve/CVE-2017-18267 https://access.redhat.com/security/cve/CVE-2017-1000050 https://access.redhat.com/security/cve/CVE-2018-0495 https://access.redhat.com/security/cve/CVE-2018-0732 https://access.redhat.com/security/cve/CVE-2018-0737 https://access.redhat.com/security/cve/CVE-2018-0739 https://access.redhat.com/security/cve/CVE-2018-1060 https://access.redhat.com/security/cve/CVE-2018-1061 https://access.redhat.com/security/cve/CVE-2018-10733 https://access.redhat.com/security/cve/CVE-2018-10767 https://access.redhat.com/security/cve/CVE-2018-10768 https://access.redhat.com/security/cve/CVE-2018-10844 https://access.redhat.com/security/cve/CVE-2018-10845 https://access.redhat.com/security/cve/CVE-2018-10846 https://access.redhat.com/security/cve/CVE-2018-12384 https://access.redhat.com/security/cve/CVE-2018-12910 https://access.redhat.com/security/cve/CVE-2018-13988 https://access.redhat.com/security/cve/CVE-2018-14679 https://access.redhat.com/security/cve/CVE-2018-14680 https://access.redhat.com/security/cve/CVE-2018-14681 https://access.redhat.com/security/cve/CVE-2018-14682 https://access.redhat.com/security/cve/CVE-2018-16837 https://access.redhat.com/security/cve/CVE-2018-17456 https://access.redhat.com/security/cve/CVE-2018-1000805 https://access.redhat.com/security/updates/classification/#critical RHSA-2018:3347

Package List


Severity
Advisory ID: RHSA-2018:3505-01
Product: Red Hat Ansible Tower
Advisory URL: Issued Date: : 2018-11-06
CVE Names: CVE-2015-9262 CVE-2016-9396 CVE-2017-3735 CVE-2017-18267 CVE-2017-1000050 CVE-2018-0495 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 CVE-2018-1060 CVE-2018-1061 CVE-2018-10733 CVE-2018-10767 CVE-2018-10768 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 CVE-2018-12384 CVE-2018-12910 CVE-2018-13988 CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-16837 CVE-2018-17456 CVE-2018-1000805

Topic

Security Advisory


Topic


 

Relevant Releases Architectures


Bugs Fixed


Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo