-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container Advisory ID: RHSA-2019:4243-01 Product: Red Hat Ansible Tower Advisory URL: https://access.redhat.com/errata/RHSA-2019:4243 Issue date: 2019-12-16 CVE Names: CVE-2019-19340 CVE-2019-19341 CVE-2019-19342 ==================================================================== 1. Summary: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container 2. Description: * Added a command to generate a new SECRET_KEY and rekey the database * Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340) * Fixed slow queries for /api/v2/instances and /api/v2/instance_groups when smart inventories are used * Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341) * Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342) * Fixed hang in error handling for source control checkouts * Fixed an error on subsequent job runs that override the branch of a project on an instance that did not have a prior project checkout * Fixed an issue where supervisord would not shut down correctly * Fixed an issue where jobs launched in isolated or container groups would incorrectly timeout * Fixed link to instance groups documentation in the user interface * Fixed retrieval of Red Hat subscription data when running in OpenShift * Fixed editing of inventory on Workflow templates * Fixed multiple issues with OAuth2 token cleanup system jobs * Fixed custom email notifications for workflow approve and deny * Updated SAML implementation to automatically log if authorization exists * Updated AngularJS to 1.7.9 for CVE-2019-10768 * Updated installer to not install PostgreSQL server on all nodes * Updated bundled installer to contain both Red Hat Enterprise Linux 7 and 8 builds 3. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1782623 - CVE-2019-19342 Tower: special characters in RabbitMQ passwords causes web socket 500 error 1782624 - CVE-2019-19340 Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly 1782625 - CVE-2019-19341 Tower: intermediate files during Tower backup are world-readable 5. References: https://access.redhat.com/security/cve/CVE-2019-19340 https://access.redhat.com/security/cve/CVE-2019-19341 https://access.redhat.com/security/cve/CVE-2019-19342 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXffO0tzjgjWX9erEAQjwLQ/+NfHPbunRnDxqjxWlFYKgzkge6P7m215j E5pVV/jPas2RVjCwjTK/VHnRscJDbLEaSAkGVzW3lbqyf7xxC+WTFq8Ga8D/zS9n XSVU7Azv6CcmBchMQu2Y+QTkdVQcWpcvhOTqZ+P4zKTb24xfL8YpQtMRvJFZgE1h u57G29WVl0WaseQYhSqgVDcODmBmLEpYZmzoJ/aDGJQ+6hIpSs+NIcE7Au2U+qGv 5r0Yd+jg6Dz6hcQe2Y4ed7ARUPrjseHK+wKO6ZcfbjhsvpCKr3NNqDn80Pe8v+3+ uj7SDHQlFGMH1nUjakawUxRpVmug30xB8/GqeKJmpLMmLNzBhw0xkeeVWbVkNNr1 ikCHI/dWIppZ3YbvtVyLEZWPMBXvrkyGkelMQKRzLYL9eReiMs/KwJFVbmKllLsz 7XN0kqgl8IWTYNppaJP93awRs0/7AYTGsdE3l53jRurGo1ab5gHYQonctKlGFZCf X2gxnHUWACDZHkLcZ1L7tidTGfGse+0K7UM5w999Pfv8drMOTih4CAkW8g58FKb2 3WobokIqsl8YOPxrGu+K5iHf/swtXns/8oLXh768BS+PGR7gf1sfTa5XlhCi4FLf 0SNwoMbqo7DQPwqmLxXbsH5GOFOFbjTvV5Nz0blyJaxtslHgNuCKj9wNiWdXDLTT 7lp2D94ffiM=PZJz -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce