-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: security update - Red Hat Ansible Tower 3.6.6-1 - RHEL7 Container Advisory ID: RHSA-2020:4137-01 Product: Red Hat Ansible Tower Advisory URL: https://access.redhat.com/errata/RHSA-2020:4137 Issue date: 2020-09-30 CVE Names: CVE-2020-14365 CVE-2020-25626 ==================================================================== 1. Summary: Red Hat Ansible Tower 3.6.6-1 - RHEL7 Container 2. Description: * Fixed an XSS vulnerability (CVE-2020-25626) * Fixed the Red Hat sosreport tool to no longer include the Ansible Tower SECRET_KEY value * Fixed the Ansible Tower installer so that it is now compatible with the latest supported Red Hat OpenShift Container Platforms 3.x and 4.x 3. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1878635 - CVE-2020-25626 django-rest-framework: XSS Vulnerability in API viewer 5. References: https://access.redhat.com/security/cve/CVE-2020-14365 https://access.redhat.com/security/cve/CVE-2020-25626 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3STxNzjgjWX9erEAQgzbQ//ekglctyL7PFDT5maarBz05nzh9A02u8a UVrXaEKNnlSAsqGm9M5CP3H1No8IUChq7oqh7NID+jBVN3U8ZqhZcviL9uzD7AFG 0zqkmxaAiZUKCGcEfg0GHxllIXKaRtWFfYFq/OUcDBmVP6pdYgE3fZabFKtuoNdh 0CSPkOE0QzZBz3qST5BLPTVZxa00DocxP1MYgrrRC/uE7qfN5N8Ll1R9rzdhXL19 PHJQkUlgqpl7PJD6Ylh2Om/M36nwf3OOjOLt0YKAdyDjywnUFDObwIEDgp046IvU vnofU8VOShtT4MBCudJn245Dxj1oaN/ZU+RiDcGYcJ1yPixNO7lgfHinxs0XSbfj Z1CvuL7hOOKfu7YWfS7UZZzFXGZzefPrw7rdaTQDL+BOXQmRYh3G7UsgyUOdgIMm yXcJuFPc/j7+8f77lp1qEm1vqQyjfZxLlcnhldLi73KidEjTR1oAMPHm4kYMYG/t FazbOO/2kHNNAGBNcUZS22i0xMRXIPHRSIARsBa36+tVTQflpsYm9TCiMCS8QNFF BqIBBqbUorTyUNJ9dhLoMNlp//+W2MfqCtCW3R/uLgQg31AI8RpOP7sATYRPNO40 FHhsk2V926Quk0JQA1J8AISIelruoBZbwwu+yhUc1NecbPc3Ge856wy4/7XQH0ny PkT1TsyBhYI=Ma/a -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce