Red Hat 9042 Published by

A Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container security update has been released.



RHSA-2020:4136-01: Moderate: security update - Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: security update - Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container
Advisory ID: RHSA-2020:4136-01
Product: Red Hat Ansible Tower
Advisory URL:   https://access.redhat.com/errata/RHSA-2020:4136
Issue date: 2020-09-30
CVE Names: CVE-2020-14365 CVE-2020-25626
=====================================================================

1. Summary:

Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container

2. Description:

* Updated to the latest version of the git-python library to no longer
cause certain jobs to fail
* Updated to the latest version of the ovirt.ovirt collection to no longer
cause connections to hang when syncing inventory from oVirt/RHV
* Added a number of optimizations to Ansible Tower's callback receiver to
improve the speed of stdout processing for simultaneous playbooks runs
* Added an optional setting to disable the auto-creation of organizations
and teams on successful SAML login
* Fixed an XSS vulnerability (CVE-2020-25626)
* Fixed a slow memory leak in the Daphne process
* Fixed Automation Analytics data gathering to no longer fail for customers
with large datasets
* Fixed scheduled jobs that run every X minute(s) or hour(s) to no longer
fail to run at the proper time
* Fixed delays in Ansible Tower's task manager when large numbers of
simultaneous jobs are scheduled
* Fixed the performance for playbooks that store large amounts of data
using the set_stats module
* Fixed the awx-manage remove_from_queue tool when used with isolated nodes
* Fixed an issue that prevented jobs from being properly marked as canceled
when Tower is backed up and then restored to another environment

3. Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower
Upgrade and Migration Guide:
  https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/
index.html

4. Bugs fixed (  https://bugzilla.redhat.com/):

1878635 - CVE-2020-25626 django-rest-framework: XSS Vulnerability in API viewer

5. References:

  https://access.redhat.com/security/cve/CVE-2020-14365
  https://access.redhat.com/security/cve/CVE-2020-25626
  https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.