=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Ansible Tower 3.6.5-1 - RHEL7 Container
Advisory ID:       RHSA-2020:3329-01
Product:           Red Hat Ansible Tower
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3329
Issue date:        2020-08-05
CVE Names:         CVE-2020-14327
=====================================================================

1. Summary:

Red Hat Ansible Tower 3.6.5-1 - RHEL7 Container

2. Description:

* Removed reports option for Satellite inventory script
* Fixed Tower Server Side Request Forgery on Credentials (CVE-2020-14327)
* Fixed the ``Job Type`` field to render properly when editing a Job Template
* Fixed a notable delay running large project update clones
* Fixed Tower to properly sync host facts for Red Hat Satellite 6.7 inventories
* Fixed installations on Red Hat OpenShift 4.3 to no longer fail
* Fixed the usage of certain SSH keys on RHEL8 when FIPS is enabled to work properly
* Fixed upgrades from 3.5 to 3.6 on RHEL8 in order for PostgreSQL client libraries to be upgraded on Tower nodes, which fixes the backup/restore function
* Fixed credential lookups from CyberArk AIM to no longer fail unexpectedly
* Fixed the ability to add a user to an organization when they already had roles in the organization
* Fixed manually added host variables to no longer be removed on VMWare vCenter inventory syncs
* Fixed a number of issues related to Tower’s reporting of metrics to Red Hat Automation Analytics

3. Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower
Upgrade and Migration Guide:
https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1856785 - CVE-2020-14327 Tower: SSRF: Server Side Request Forgery on Credential

5. References:

https://access.redhat.com/security/cve/CVE-2020-14327
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce