RHSA-2021:0779 - Security Advisory
Security Advisory: Important
Red Hat Ansible Tower 3.7.5-1 - RHEL7 Container
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
- Upgraded to a more recent version of autobahn to address CVE-2020-35678.
- Upgraded to a more recent version of nginx to address CVE-2019-20372.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
- Improved analytics collection to collect the playbook status for all hosts in a playbook run
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html
- Red Hat Ansible Automation Platform Text-Only Advisories x86_64
Red Hat Ansible Automation Platform Text-Only Advisories