- Issued:
- 2020-04-22
- Updated:
- 2020-06-30
RHBA-2020:1539 - Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Synopsis
Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Type/Severity
Bug Fix Advisory None
Topic
(none)
Description
- Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface (CVE-2020-10698)
- Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
- Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
- Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
Solution
(none)
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Ansible Tower | 3.5 | x86_64 |
Fixes
(none)
CVEs
- CVE-2015-2716
- CVE-2015-8035
- CVE-2016-5131
- CVE-2017-15412
- CVE-2017-18258
- CVE-2018-10360
- CVE-2018-14404
- CVE-2018-14567
- CVE-2018-18074
- CVE-2018-20060
- CVE-2018-20852
- CVE-2019-3820
- CVE-2019-5436
- CVE-2019-9924
- CVE-2019-11236
- CVE-2019-16056
- CVE-2019-17041
- CVE-2019-17042
- CVE-2020-1734
- CVE-2020-1735
- CVE-2020-1736
- CVE-2020-1737
- CVE-2020-1738
- CVE-2020-1739
- CVE-2020-1740
- CVE-2020-1746
- CVE-2020-1753
- CVE-2020-10684
- CVE-2020-10685
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.