- Issued: 2020-09-30
- Updated: 2020-09-30
RHSA-2020:4137 - Security Advisory
Synopsis
Moderate: security update - Red Hat Ansible Tower 3.6.6-1 - RHEL7 Container
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Ansible Tower 3.6.6-1 - RHEL7 Container
Description
- Fixed an XSS vulnerability (CVE-2020-25626)
- Fixed the Red Hat sosreport tool so that it no longer includes the Ansible Tower SECRET_KEY value
- Fixed the Ansible Tower installer so that it is now compatible with the latest supported Red Hat OpenShift Container Platforms 3.x and 4.x
Solution
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html
Affected Products
- Red Hat Ansible Automation Platform Text-Only Advisories for RHEL 7 x86_64
Fixes
- BZ - 1878635 - CVE-2020-25626 django-rest-framework: XSS Vulnerability in API viewer
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.