Red Hat Product Errata RHSA-2020:2617 - Security Advisory
Issued:
2020-06-18
Updated:
2020-06-18

RHSA-2020:2617 - Security Advisory

Synopsis

Moderate: security update - Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container

Type/Severity

Security Advisory: Moderate

Topic

Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container

Description

  • Updated rsyslog integration to not write world-readable configuration files (CVE-2020-10782)
  • Updated the included foreman/satellite inventory plugin to add the host_filters and want_ansible_ssh_host options
  • Updated Foreman/Satellite inventory to properly use group_prefix for all groups
  • Updated the Satellite inventory script to disable the reports option
  • Updated bundled installer to properly include all dependencies
  • Updated translations
  • Fixed the all_parents_must_converge property of workflow nodes to set properly
  • Fixed labels so organization administrators could remove them from a workflow
  • Fixed Mattermost workflow approval notifications
  • Fixed the notifications for management jobs so administrators could enable it
  • Fixed event processing for inventories with very large numbers of hosts to prevent Tower to slow down
  • Fixed the VMware inventory to properly detect the Instance UUID to no longer cause hosts to be removed and re-added
  • Fixed (reverted) a change to follow symlinks when discovering playbooks, as it could lead to an infinite loop
  • Fixed analytics gathering to not attempt to gather data if there is not a valid configuration for sending it
  • Fixed Tower to no longer break when virtual environments are created with incorrect permissions
  • Fixed the Sumologic logging integration associated with parsing the URL path
  • Fixed incorrectly configured logging so that it would no longer block Tower operation
  • Fix multiple websocket broadcast issues in OpenShift
  • Fixed instance registration in OpenShift
  • Fixed an issue where the redis socket in OpenShift deployments was world-writable

Solution

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html

Affected Products

  • Red Hat Ansible Automation Platform Text-Only Advisories for RHEL 7 x86_64

Fixes

  • BZ - 1847843 - CVE-2020-10782 Tower: rsyslog configuration has world readable permissions

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.