-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Automation Platform 1.2.5 security and bugfixes update Advisory ID: RHSA-2021:3473-01 Product: Red Hat Ansible Automation Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:3473 Issue date: 2021-09-08 CVE Names: CVE-2021-33503 ===================================================================== 1. Summary: An update is now available for Red Hat Automation Platform 1.2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Automation Hub 4.2 for RHEL 7 - noarch, x86_64 Red Hat Automation Hub 4.2 for RHEL 8 - noarch, x86_64 3. Description: Red Hat Ansible Automation Platform integrates Red Hat’s automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, and use-case specific capabilities for Microsoft Windows,network, security, and more, along with Software-as-a-Service (SaaS)-based capabilities and features for organization-wide effectiveness. Security Fix(es): * python-urllib3: Catastrophic backtracking in URL authority parser (CVE-2021-33503) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1968074 - CVE-2021-33503 python-urllib3: ReDoS in the parsing of authority part of URL 6. Package List: Red Hat Automation Hub 4.2 for RHEL 7: Source: automation-hub-4.2.6-1.el7pc.src.rpm python-galaxy-ng-4.2.6-1.el7pc.src.rpm python-requests-2.25.1-1.el7pc.src.rpm python-urllib3-1.26.5-1.el7pc.src.rpm python3-click-7.1.2-3.el7pc.src.rpm noarch: automation-hub-4.2.6-1.el7pc.noarch.rpm python3-chardet-3.0.4-3.el7pc.noarch.rpm python3-click-7.1.2-3.el7pc.noarch.rpm python3-galaxy-ng-4.2.6-1.el7pc.noarch.rpm python3-gnupg-0.4.6-3.el7pc.noarch.rpm python3-jinja2-2.11.2-3.el7pc.noarch.rpm python3-requests-2.25.1-1.el7pc.noarch.rpm python3-semantic-version-2.8.5-3.el7pc.noarch.rpm python3-urllib3-1.26.5-1.el7pc.noarch.rpm x86_64: python3-markupsafe-1.1.1-4.el7pc.x86_64.rpm python3-markupsafe-debuginfo-1.1.1-4.el7pc.x86_64.rpm Red Hat Automation Hub 4.2 for RHEL 8: Source: automation-hub-4.2.6-1.el8pc.src.rpm python-galaxy-ng-4.2.6-1.el8pc.src.rpm python-requests-2.25.1-1.el8pc.src.rpm python-urllib3-1.26.5-1.el8pc.src.rpm noarch: automation-hub-4.2.6-1.el8pc.noarch.rpm python3-click-7.1.2-3.el8pc.noarch.rpm python3-galaxy-ng-4.2.6-1.el8pc.noarch.rpm python3-gnupg-0.4.6-3.el8pc.noarch.rpm python3-jinja2-2.11.2-3.el8pc.noarch.rpm python3-requests-2.25.1-1.el8pc.noarch.rpm python3-semantic-version-2.8.5-3.el8pc.noarch.rpm python3-urllib3-1.26.5-1.el8pc.noarch.rpm x86_64: python3-markupsafe-1.1.1-4.el8pc.x86_64.rpm python3-markupsafe-debuginfo-1.1.1-4.el8pc.x86_64.rpm python3-markupsafe-debugsource-1.1.1-4.el8pc.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-33503 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/1.2/html/red_hat_ansible_automation_platform_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYTkOENzjgjWX9erEAQgkkg/9HPbXh5Y2kqE3bD9OmEMjXc4bTTqzVXVO oDM3TQw6jNs8opP9IU5l3u9GlbPVsqVHnmRc8iN4WhWC7i2HqQV4ycu0BQq5LMrd DPzTY6I8RNjkmmTIXauPsDda0AqW+AaBm7JJGB2YMxHJ4YAO+nMo1iptmqBRStoX 4fnmX9NED4uPz3hv+fhXDai84OewX70CPxadcog3Q4+dIAuHclunBn6ErDtQgEGl 40NqbNFgDcv0MQ/gSO2H7OJQLFuTsIdk0uJxx8J0sHPLLRqdKlwdoYEox744VxZ5 RpKVTt7AEiAUuQxRLSgoTLm2wpqw/BlkjHkWLlFfs+u+hiPe6esB7nEl1MLiGC+T hr5i70BEp2MNhi0QGkY3CRsb9+e1KKtsrIO8fThypnfMGxO+qw66rA73Dosj7eRM 8bmfdYR5WQepYD0+Pmpa04IkheF3j93uqD1DLxc0TtsO5wmO2tzlrUuJyepXpiOD IQIzDxtVPZqfO8e9V563vIYXsRnaQUqID0vzG09MIutx9cOwugbRV/BI2DsSiK7V X1v/ehZz7ybXYYkLRYtg6RRGIX3hUi0Yw0ijbh18qd4XrBhzDaYDDsnBIctWOyrN gbENWxoRIlfLIRG5m+bNCh1WoviBdt9bP0YS+Jtx48GcQIDMJQpa/U3t73r9h6hc IF9mKVY3M2Y= =7nq3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce