exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2020-4136-01

Red Hat Security Advisory 2020-4136-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4136-01 - Updated to the latest version of the git-python library to no longer cause certain jobs to fail Updated to the latest version of the ovirt.ovirt collection to no longer cause connections to hang when syncing inventory from oVirt/RHV Added a number of optimizations to Ansible Tower's callback receiver to improve the speed of stdout processing for simultaneous playbooks runs Added an optional setting to disable the auto-creation of organizations and teams on successful SAML login Fixed an XSS vulnerability Fixed a slow memory leak in the Daphne process Fixed Automation Analytics data gathering to no longer fail for customers with large datasets Fixed scheduled jobs that run every X minute or hour to no longer fail to run at the proper time Fixed delays in Ansible Tower's task manager when large numbers of simultaneous jobs are scheduled Fixed the performance for playbooks that store large amounts of data using the set_stats module Fixed the awx-manage remove_from_queue tool when used with isolated nodes Fixed an issue that prevented jobs from being properly marked as canceled when Tower is backed up and then restored to another environment. Issues addressed include cross site scripting and memory leak vulnerabilities.

tags | advisory, vulnerability, xss, memory leak, python
systems | linux, redhat
advisories | CVE-2020-14365, CVE-2020-25626
SHA-256 | d35bdae114c99ede1a241ed0ae74cb3f31fecb568f0fd7025cd59c44c369df33

Red Hat Security Advisory 2020-4136-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: security update - Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container
Advisory ID: RHSA-2020:4136-01
Product: Red Hat Ansible Tower
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4136
Issue date: 2020-09-30
CVE Names: CVE-2020-14365 CVE-2020-25626
====================================================================
1. Summary:

Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container

2. Description:

* Updated to the latest version of the git-python library to no longer
cause certain jobs to fail
* Updated to the latest version of the ovirt.ovirt collection to no longer
cause connections to hang when syncing inventory from oVirt/RHV
* Added a number of optimizations to Ansible Tower's callback receiver to
improve the speed of stdout processing for simultaneous playbooks runs
* Added an optional setting to disable the auto-creation of organizations
and teams on successful SAML login
* Fixed an XSS vulnerability (CVE-2020-25626)
* Fixed a slow memory leak in the Daphne process
* Fixed Automation Analytics data gathering to no longer fail for customers
with large datasets
* Fixed scheduled jobs that run every X minute(s) or hour(s) to no longer
fail to run at the proper time
* Fixed delays in Ansible Tower's task manager when large numbers of
simultaneous jobs are scheduled
* Fixed the performance for playbooks that store large amounts of data
using the set_stats module
* Fixed the awx-manage remove_from_queue tool when used with isolated nodes
* Fixed an issue that prevented jobs from being properly marked as canceled
when Tower is backed up and then restored to another environment

3. Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower
Upgrade and Migration Guide:
https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/
index.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1878635 - CVE-2020-25626 django-rest-framework: XSS Vulnerability in API viewer

5. References:

https://access.redhat.com/security/cve/CVE-2020-14365
https://access.redhat.com/security/cve/CVE-2020-25626
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX3STrNzjgjWX9erEAQjacg//aPaDOirEblGdQwQd+PZEIylBv0mfeaVE
M25xAnTJCWpzeC6C8Vd5BKzIsAihNfMjTBGQi6x7b7PrIubd/d3uKYaLsRpsaQHz
KQL8gbxuNwWid85HJLvcyh2WRjoW7GAKpvdjh3IjyjTp8c3dkERvjT+LcODE5Mt0
zjUon37FzWZdX4d1heDc3seUtTSpAjskoQ4Dy2qDWC0cyJKSFFqZxWmE/rzBt79r
4niDYCcaEfiiy4lCYqr0qObYvf1hS9sHrD5SVZQYzzfxlL3zNPONUaKwwu1yatcY
Sr/o4LdNIUWn04vjxRx6mZNpsJ5+t1Q+YhYGHNtxtE2cy30p+JxpaeJnL50s/VM7
jdQF1/NqcA9F1RKpaquwm3HMPWMvdlzynP5TN+9PdEeT6iCqIXd0Q+scMxGLlhVw
zyGU+zlACa9rrSe8DBeS0x3KayydyU7e45mKEJtUHeUYwfPw5rlV/kK05qf7CfMg
X7VU6087uU4SAnH5E6Uw8xVibjgAzuSu0GQ/clWdpfiMK85dhdIUGyqYbCOVpFKj
/fi0I9N8NAWLItO0OvuWZwjWcOGFQFYw2n+uPo/+Z3XV/oeps4A/KuBrWDnYhvg4
CVzWCpKX//iVaJNWyFwmtitzYRw4couZexR5DdIEABJ2bvydo4gWVQrXNrICLTz3
2v4EqCCyi3U=O51G
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close