Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat: RHSA-2021-1079 Moderate Security Update for Ansible Platform

red hat
Calendar Grey April 9, 2021
Dist Redhat Esm H88
Remedies for various vulnerabilities identified in Red Hat Ansible Automation Platform Operator version 1.2 have been classified with a moderate level of security concern.
Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat Ansible Automation Platform Resource Operator container images with security fixes.
Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster.
Security fixes:
CVE-2021-20191 ansible: multiple modules expose secured values [ansible_automation_platform-1.2] (BZ#1916813)
CVE-2021-20178 ansible: user data leak in snmp_facts module [ansible_automation_platform-1.2] (BZ#1914774)
CVE-2021-20180 ansible: ansible module: bitbucket_pipeline_variable exposes secured values [ansible_automation_platform-1.2] (BZ#1915808)
CVE-2021-20228 ansible: basic.py no_log with fallback option [ansible_automation_platform-1.2] (BZ#1925002)
CVE-2021-3447 ansible: multiple modules expose secured values [ansible_automation_platform-1.2] (BZ#1939349)
For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat update red hat moderate impact security impact Ansible ansible automation operator update automation platform

References

https://access.redhat.com/security/cve/CVE-2017-12652 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-5094 https://access.redhat.com/security/cve/CVE-2019-5188 https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-12749 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-14973 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17023 https://access.redhat.com/security/cve/CVE-2019-17498 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-5313 https://access.redhat.com/security/cve/CVE-2020-6829 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8177 Read the Full Advisory

Package List


Advisory ID: RHSA-2021:1079-01
Product: Red Hat Ansible Automation Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1079
Issue date: 2021-04-06
Keywords: Security Update

Topic

Red Hat Ansible Automation Platform Resource Operator 1.2 (technicalpreview) images that fix several security issues.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat update red hat moderate impact security impact Ansible ansible automation operator update automation platform

Relevant Releases Architectures

Bugs Fixed

1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module

1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values

1916813 - CVE-2021-20191 ansible: multiple modules expose secured values

1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option

1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here