-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Ansible security and bug fix update (2.9.13) Advisory ID: RHSA-2020:3602-01 Product: Red Hat Ansible Engine Advisory URL: https://access.redhat.com/errata/RHSA-2020:3602 Issue date: 2020-09-01 CVE Names: CVE-2020-14365 ==================================================================== 1. Summary: An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Ansible Engine 2 for RHEL 7 - noarch Red Hat Ansible Engine 2 for RHEL 8 - noarch 3. Description: Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.9.13) Bug Fix(es): * CVE-2020-14365 ansible: dnf module install packages with no GPG signature See: https://github.com/ansible/ansible/blob/v2.9.13/changelogs/CHANGELOG-v2.9.r st for details on bug fixes in this release. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1869154 - CVE-2020-14365 ansible: dnf module install packages with no GPG signature 6. Package List: Red Hat Ansible Engine 2 for RHEL 7: Source: ansible-2.9.13-1.el7ae.src.rpm noarch: ansible-2.9.13-1.el7ae.noarch.rpm ansible-test-2.9.13-1.el7ae.noarch.rpm Red Hat Ansible Engine 2 for RHEL 8: Source: ansible-2.9.13-1.el8ae.src.rpm noarch: ansible-2.9.13-1.el8ae.noarch.rpm ansible-test-2.9.13-1.el8ae.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-14365 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX06iGNzjgjWX9erEAQgscw/8D1OlSiucfMwTa5R9sXazGBluGAPuvv5y Ls4jf7pJYXQJ1ooPeWHJqqwsBQ05bOZIqDPN1ElPuh69OTKDN4pBY2CotRW8hpoy 5dPhhqL5h8ur4bYM75gwiVuuWHo2SwlpuXiEWLqoUTcs+5KbD4GE2WamM7pndLnj /fQSd2cUidGCubRBiP4PPsKDnFPO2/JMAzdvzphEzYaaoAG6HmMcwaMhnK5zRyc5 ep8cWmOkVhClf06q3eGbF+vfZwlR08e/aHbFxllGokO86L8j6EHEXqlunTX8Yh0c XOHS9ly/nYDhiUxlrwPjLEiHfOb8+mC/hzDZX1aA0rB/W/jVKkXGf5LajnqJ5m+m BQ6a2dVTC8Pi5mWBB5dG/XvC7xam8S8XJr3TjATjU1nq7c9TVwavlTkgwgeIsmsN lkf7VI0WV9vWDLYWCEZOWNNVWRwJDFJRqDVng+qjaskhA1Tz5KTLSwzMkG4/cNbe 8PnAlhWjdSwYzcRvZhaLE/ClQs15sdzurF2G4D4NuKc/JR9+TBjWe4Kl7s4yjVj6 aQntysmW/uSgm+cghCVYlAXCvC7nXWVrDf1wLojmXSG4zWmig6lsapx24SsL1R4C 5PC8OoqLSqQis4xi2mL8pwnBJ/mIac1e0n5pV7fQYYuUmcKKzF2EGYIT820Qe9B4 3OmVDP3Hq3Y=+H3h -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce