Issued:

2020-11-30

Updated:

2020-11-30

RHSA-2020:5249 - Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container

Synopsis

Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container

Type/Severity

Security Advisory Moderate

Topic

Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container

Description

• Fixed two jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023)
• Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTP(s) requests by default
• Updated several dependencies of Ansible Tower's User Interface to address (CVE-2020-7720, CVE-2020-7743, CVE-2020-7676)
• Updated to the latest version of python-psutil to address CVE-2019-18874
• Added several optimizations to improve performance for a variety of high-load simultaneous job launch use cases
• Fixed workflows to no longer prevent certain users from being able to edit approval nodes
• Fixed confusing behavior for social auth logins across distinct browser tabs
• Fixed launching of Job Templates that use prompt-at-launch Ansible Vault credentials

Solution

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html

Affected Products

Fixes

• This content is not included.BZ - 1828406
• This content is not included.BZ - 1850004

CVEs

• CVE-2019-18874
• CVE-2020-7676
• CVE-2020-7720
• CVE-2020-7743
• CVE-2020-11022
• CVE-2020-11023

References

• https://access.redhat.com/security/updates/classification/#moderate

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.