Red Hat Product Errata RHSA-2023:5805 - Security Advisory
Issued:
2023-10-17
Updated:
2023-10-17

RHSA-2023:5805 - Security Advisory

Synopsis

Important: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat Ansible Automation Platform 2.4

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

  • receptor: golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325)
  • receptor: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

  • receptor: golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional changes:

  • receptor has been updated to 1.4.2

Solution

Red Hat Ansible Automation Platform

Affected Products

  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 x86_64
  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 s390x
  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 ppc64le
  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 aarch64
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 x86_64
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 s390x
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 ppc64le
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 aarch64
  • Red Hat Ansible Inside 1.2 for RHEL 9 x86_64
  • Red Hat Ansible Inside 1.2 for RHEL 9 s390x
  • Red Hat Ansible Inside 1.2 for RHEL 9 ppc64le
  • Red Hat Ansible Inside 1.2 for RHEL 9 aarch64
  • Red Hat Ansible Inside 1.2 for RHEL 8 x86_64
  • Red Hat Ansible Inside 1.2 for RHEL 8 s390x
  • Red Hat Ansible Inside 1.2 for RHEL 8 ppc64le
  • Red Hat Ansible Inside 1.2 for RHEL 8 aarch64
  • Red Hat Ansible Developer 1.1 for RHEL 9 x86_64
  • Red Hat Ansible Developer 1.1 for RHEL 9 s390x
  • Red Hat Ansible Developer 1.1 for RHEL 9 ppc64le
  • Red Hat Ansible Developer 1.1 for RHEL 9 aarch64
  • Red Hat Ansible Developer 1.1 for RHEL 8 x86_64
  • Red Hat Ansible Developer 1.1 for RHEL 8 s390x
  • Red Hat Ansible Developer 1.1 for RHEL 8 ppc64le
  • Red Hat Ansible Developer 1.1 for RHEL 8 aarch64

Fixes

  • BZ - 2228743 - CVE-2023-29409 golang: crypto/tls: slow verification of certificate chains containing large RSA keys
  • BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
  • BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

Red Hat Ansible Automation Platform 2.4 for RHEL 9

SRPM
receptor-1.4.2-1.el9ap.src.rpm SHA-256: 975b345fbb0ec0b3fab43e25ec1aadd59a40d72953ae750cc8a7b87c4b8f8dad
x86_64
receptor-1.4.2-1.el9ap.x86_64.rpm SHA-256: 5c172c33d9031eff775ba44a71a791b6e30cdcce8b85c07135d3f773c983d7d8
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0
s390x
receptor-1.4.2-1.el9ap.s390x.rpm SHA-256: 420e1d32d87c3cae1ba86e62ef40057f7e9fe4726fa3bbb4430fd281ed57b3ed
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0
ppc64le
receptor-1.4.2-1.el9ap.ppc64le.rpm SHA-256: 6b3bdd8e5e677d1730815e4b06edbaec65bbfb1a98a7b722c864ca5cf6ffb8f5
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0
aarch64
receptor-1.4.2-1.el9ap.aarch64.rpm SHA-256: 9ec477e9e793cae76e257bd55a5571926701a758e5197ff7543c5b0a32217051
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0

Red Hat Ansible Automation Platform 2.4 for RHEL 8

SRPM
receptor-1.4.2-1.el8ap.src.rpm SHA-256: 9980640def7315955fbde3b136db0b62f5aadf41f793b0e72669e4f12da728ef
x86_64
receptor-1.4.2-1.el8ap.x86_64.rpm SHA-256: 511d90e88185b843b26ed81c87c9fef04c33dd54429fc312bc0e67d8e17d37a7
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594
s390x
receptor-1.4.2-1.el8ap.s390x.rpm SHA-256: 1276e6fb0fb1e17d0293ecfc46b6a5808e50462528451faceef1a04584545e8e
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594
ppc64le
receptor-1.4.2-1.el8ap.ppc64le.rpm SHA-256: 8a25de7dfd0c240cef6c1f4069652483f07b143f10ae29983f8288e38550675a
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594
aarch64
receptor-1.4.2-1.el8ap.aarch64.rpm SHA-256: 53e82348a6281c04c4078157d46a275ed60d404670d3bb0258b2bdda1b4616a0
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594

Red Hat Ansible Inside 1.2 for RHEL 9

SRPM
receptor-1.4.2-1.el9ap.src.rpm SHA-256: 975b345fbb0ec0b3fab43e25ec1aadd59a40d72953ae750cc8a7b87c4b8f8dad
x86_64
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0
s390x
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0
ppc64le
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0
aarch64
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0

Red Hat Ansible Inside 1.2 for RHEL 8

SRPM
receptor-1.4.2-1.el8ap.src.rpm SHA-256: 9980640def7315955fbde3b136db0b62f5aadf41f793b0e72669e4f12da728ef
x86_64
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594
s390x
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594
ppc64le
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594
aarch64
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594

Red Hat Ansible Developer 1.1 for RHEL 9

SRPM
receptor-1.4.2-1.el9ap.src.rpm SHA-256: 975b345fbb0ec0b3fab43e25ec1aadd59a40d72953ae750cc8a7b87c4b8f8dad
x86_64
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0
s390x
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0
ppc64le
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0
aarch64
receptorctl-1.4.2-1.el9ap.noarch.rpm SHA-256: 7bb3b688f1ef592d758e1e99608b0626f0a431b7ebcdbbb8f7a89095827cafe0

Red Hat Ansible Developer 1.1 for RHEL 8

SRPM
receptor-1.4.2-1.el8ap.src.rpm SHA-256: 9980640def7315955fbde3b136db0b62f5aadf41f793b0e72669e4f12da728ef
x86_64
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594
s390x
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594
ppc64le
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594
aarch64
receptorctl-1.4.2-1.el8ap.noarch.rpm SHA-256: 26a73d66cfc05fdd537a3e14fb1eb5ff20b75497c018cad81e34dbf5ed4c6594

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.