- Issued:
- 2019-11-25
- Updated:
- 2019-11-25
RHSA-2019:3958 - Security Advisory
Synopsis
Critical: Red Hat Ansible Tower 3.6.1-1 - EL7 Container
Type/Severity
Security Advisory: Critical
Topic
Red Hat Ansible Tower 3.6.1-1 - EL7 Container
Description
Ansible Tower Version 3.6.1
- ----------------------------
- Fixed accidental disclosure of Red Hat username and password in
/api/v2/config (CVE-2019-14890)
- Fixed upgrade failure with bundled installer
- Fixed license check error when reinstalling over a partially-installed
Tower
- Fixed database restore when using a PostgreSQL pod
- Fixed error when CA data was missing for a container group credential
- Fixed error when a container group job was launched when Tower was out
of capacity
- Fixed a few minor issues in the AWX modules collection
Solution
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html
Affected Products
- Red Hat Ansible Automation Platform Text-Only Advisories for RHEL 7 x86_64
Fixes
- BZ - 1773622 - CVE-2019-14890 Tower: RHSM username and password exposed after license application
CVEs
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
