Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2021:0780: Red Hat Security Advisory: Red Hat Ansible Tower 3.8.2-1 - Container security and bug fix update

Red Hat Ansible Tower 3.8.2-1 - Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Security Fix(es):

  • Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
  • Upgraded to a more recent version of Django to address CVE-2021-3281.
  • Upgraded to a more recent version of autobahn to address CVE-2020-35678. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es):
  • Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7.
  • Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions.
  • Fixed several issues related to how Tower rotates its log files.
  • Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales.
  • Fixed a bug which can cause unanticipated delays in certain playbook output.
  • Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data.
  • Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected.
  • Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified.
  • Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
  • Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Related CVEs:
  • CVE-2020-35678: python-autobahn: allows redirect header injection
  • CVE-2021-3281: django: Potential directory-traversal via archive.extract()
  • CVE-2021-20253: ansible-tower: Privilege escalation via job isolation escape
Red Hat Security Data
Open in Source
#sql#vulnerability#red_hat

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data