====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: security update - Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container
Advisory ID:       RHSA-2020:4136-01
Product:           Red Hat Ansible Tower
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4136
Issue date:        2020-09-30
CVE Names:         CVE-2020-14365 CVE-2020-25626
====================================================================

1. Summary:

Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container

2. Description:

* Updated to the latest version of the git-python library to no longer cause certain jobs to fail
* Updated to the latest version of the ovirt.ovirt collection to no longer cause connections to hang when syncing inventory from oVirt/RHV
* Added a number of optimizations to Ansible Tower's callback receiver to improve the speed of stdout processing for simultaneous playbook runs
* Added an optional setting to disable the auto-creation of organizations and teams on successful SAML login
* Fixed an XSS vulnerability (CVE-2020-25626)
* Fixed a slow memory leak in the Daphne process
* Fixed Automation Analytics data gathering to no longer fail for customers with large datasets
* Fixed scheduled jobs that run every X minute(s) or hour(s) to no longer fail to run at the proper time
* Fixed delays in Ansible Tower's task manager when large numbers of simultaneous jobs are scheduled
* Fixed the performance for playbooks that store large amounts of data using the set_stats module
* Fixed the awx-manage remove_from_queue tool when used with isolated nodes
* Fixed an issue that prevented jobs from being properly marked as canceled when Tower is backed up and then restored to another environment

3. Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide:
https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1878635 - CVE-2020-25626 django-rest-framework: XSS Vulnerability in API viewer

5. References:

https://access.redhat.com/security/cve/CVE-2020-14365
https://access.redhat.com/security/cve/CVE-2020-25626
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce