- Issued: 2020-04-22
- Updated: 2020-04-22
RHBA-2020:1540 - Bug Fix Advisory
Synopsis
Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Type/Severity
Bug Fix Advisory
Topic
Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Description
- Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity
- Fixed an issue that allowed users to subscribe to playbook output in organizations they do not have RBAC access to via Tower's websocket interface (CVE-2020-10698)
- Fixed OAuth2 refresh tokens to properly respect custom expiration settings (CVE-2020-10709)
- Fixed event hostnames to be recorded for playbooks run on isolated nodes
- Fixed a PostgreSQL issue that caused upgrade failures in certain situations
- Fixed the search for Source Control credentials in the Tower user interface
- Fixed a performance issue that delayed the output of project updates for certain users
- Fixed installations so they no longer fail with admin passwords that contain certain special characters
- Fixed the start time to be set correctly for approval notifications
- Fixed an inconsistency in gathered inventory analytics
- Improved memcached in OpenShift deployments to listen on a more secure domain socket (CVE-2020-10697)
- Updated single sign-on integration to address several upcoming GitHub API deprecations
- Updated the Twisted library to address CVE-2020-10108 and CVE-2020-10109
- Updated translations
Solution
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html
Affected Products
- Red Hat Ansible Automation Platform Text-Only Advisories for RHEL 7 x86_64
Fixes
(none)
CVEs
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.