Linux Security
    Linux Security
    Linux Security

    RedHat: RHSA-2020-3329:01 Moderate: Red Hat Ansible Tower 3.6.5-1 - RHEL7

    Date
    313
    Posted By
    Red Hat Ansible Tower 3.6.5-1 - RHEL7 Container 2. Description: * Removed reports option for Satellite inventory script * Fixed Tower Server Side Request Forgery on Credentials (CVE-2020-14327)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Red Hat Ansible Tower 3.6.5-1 - RHEL7 Container
    Advisory ID:       RHSA-2020:3329-01
    Product:           Red Hat Ansible Tower
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3329
    Issue date:        2020-08-05
    CVE Names:         CVE-2020-14327 
    =====================================================================
    
    1. Summary:
    
    Red Hat Ansible Tower 3.6.5-1 - RHEL7 Container
    
    2. Description:
    
    * Removed reports option for Satellite inventory script
    * Fixed Tower Server Side Request Forgery on Credentials (CVE-2020-14327)
    * Fixed the ``Job Type`` field to render properly when editing a Job
    Template
    * Fixed a notable delay running large project update clones
    * Fixed Tower to properly sync host facts for Red Hat Satellite 6.7
    inventories
    * Fixed installations on Red Hat OpenShift 4.3 to no longer fail
    * Fixed the usage of certain SSH keys on RHEL8 when FIPS is enabled to work
    properly
    * Fixed upgrades from 3.5 to 3.6 on RHEL8 in order for PostgreSQL client
    libraries to be upgraded on Tower nodes, which fixes the backup/restore
    function
    * Fixed credential lookups from CyberArk AIM to no longer fail unexpectedly
    * Fixed the ability to add a user to an organization when they already had
    roles in the organization
    * Fixed manually added host variables to no longer be removed on VMWare
    vCenter inventory syncs
    * Fixed a number of issues related to Tower’s reporting of metrics to Red
    Hat Automation Analytics
    
    3. Solution:
    
    For information on upgrading Ansible Tower, reference the Ansible Tower
    Upgrade and Migration Guide:
    https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/
    index.html
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1856785 - CVE-2020-14327 Tower: SSRF: Server Side Request Forgery on Credential
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2020-14327
    https://access.redhat.com/security/updates/classification/#moderate
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXyrG7tzjgjWX9erEAQjTpA/9EkZENU9KqxjLw4K1CynuMe4NmCMsphgJ
    K8PPdrQNcGbZyAdFPoX0c1zzHWsEFJ8pcwGN4zO+qh3lpm2AuxJ3xiz8JRNMy62o
    87qoVUbuP1RSWlkdkldK49j3XQcYs2LzWaokM9Y5H/wRGfaRDhg3Og4pOH4Lnkqi
    GK8UGLcxFkS0MCkIad7Uh0MrcvQ/5h3ijD9xWdg4/R2AxvOqn2RoW26clPJOZLVB
    QCP04WyUascWjBQBZHNBfdPqvJ1CfGrHnXcnRpNF7GdSPjCWtRBS9OyMjFVDz2a/
    9TA5WflLRhtVxB2FEFxeStewSsv9zOwSbu44Lf/6SDr1HlpKDR8PcViIlM+X6+N0
    H1AevHi3H/uXTpGTLlTBlXG1BcJ8VGgP4FTu5N4y1gCoO7dAKyD1uMrDNAE3U5o0
    bnNDo6nG2zJ9OuVgBEzyGUzxsX41mfRYs6dV/0hiKfzX7ZBu2tckLRUmGX0itLhT
    iiDUuDdffjBkUXRqYifBsW3cUttwR/nvFFLGyZMXLDJasd1YV2p4hXfto1rsUui/
    XMVSJ+UrmqsLgmzlSnzM7w/HfheUy8+3xBJyVUUB7vHPM8Ajo29yLauCkGXl70T3
    Dqv0lC4dD76a4d8KcVZPghW2benk5cIeYVSD94EnzllEje4pesS9p0eSqmQC7Amd
    F44f3+Z1Q9Y=
    =1XgD
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    Advisories

    LinuxSecurity Poll

    Tails is the most secure Linux distro out there.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/41-ubuntu-is-a-more-secure-distro-than-fedora?task=poll.vote&format=json
    41
    radio
    [{"id":"142","title":"Yes - Tails get my vote!","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"143","title":"Nope - Parrot OS has surpassed Tails in its security and privacy.","votes":"0","type":"x","order":"2","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.