Red Hat Product Errata RHSA-2023:7517 - Security Advisory
Issued:
2023-11-27
Updated:
2023-11-27

RHSA-2023:7517 - Security Advisory

Synopsis

Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat Ansible Automation Platform 2.4

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

  • receptor: golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
  • receptor: golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322 )

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional changes for receptor:

  • Always clean up timed out connections (AAP-16951)
  • receptor has been updated to 1.4.3

Solution

Red Hat Ansible Automation Platform

Affected Products

  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 x86_64
  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 s390x
  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 ppc64le
  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 aarch64
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 x86_64
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 s390x
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 ppc64le
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 aarch64
  • Red Hat Ansible Inside 1.2 for RHEL 9 x86_64
  • Red Hat Ansible Inside 1.2 for RHEL 9 s390x
  • Red Hat Ansible Inside 1.2 for RHEL 9 ppc64le
  • Red Hat Ansible Inside 1.2 for RHEL 9 aarch64
  • Red Hat Ansible Inside 1.2 for RHEL 8 x86_64
  • Red Hat Ansible Inside 1.2 for RHEL 8 s390x
  • Red Hat Ansible Inside 1.2 for RHEL 8 ppc64le
  • Red Hat Ansible Inside 1.2 for RHEL 8 aarch64
  • Red Hat Ansible Developer 1.1 for RHEL 9 x86_64
  • Red Hat Ansible Developer 1.1 for RHEL 9 s390x
  • Red Hat Ansible Developer 1.1 for RHEL 9 ppc64le
  • Red Hat Ansible Developer 1.1 for RHEL 9 aarch64
  • Red Hat Ansible Developer 1.1 for RHEL 8 x86_64
  • Red Hat Ansible Developer 1.1 for RHEL 8 s390x
  • Red Hat Ansible Developer 1.1 for RHEL 8 ppc64le
  • Red Hat Ansible Developer 1.1 for RHEL 8 aarch64

Fixes

  • BZ - 2237777 - CVE-2023-39321 golang: crypto/tls: panic when processing post-handshake message on QUIC connections
  • BZ - 2237778 - CVE-2023-39322 golang: crypto/tls: lack of a limit on buffered post-handshake

Red Hat Ansible Automation Platform 2.4 for RHEL 9

SRPM
receptor-1.4.3-1.el9ap.src.rpm SHA-256: 15bac77665c8837aa88ff3ff81c6f92ce5fc60b6ab074051350eaa73166948bb
x86_64
receptor-1.4.3-1.el9ap.x86_64.rpm SHA-256: 8791d0e4e58b6cb5df8bc2d95fed010be41959847e2b47b713ffe47598ed850c
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2
s390x
receptor-1.4.3-1.el9ap.s390x.rpm SHA-256: ca9a62485360716dfb91c166d04c90b441923582d740bceee7d36ee88816314b
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2
ppc64le
receptor-1.4.3-1.el9ap.ppc64le.rpm SHA-256: 7bf9731804dd43bb10877d3ba8ef9cd2e91910ba9dda4f1f9012a452e59a1726
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2
aarch64
receptor-1.4.3-1.el9ap.aarch64.rpm SHA-256: 062366568a53e793723353a34185d2c18b8463a85d31aff62619922d0465426c
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2

Red Hat Ansible Automation Platform 2.4 for RHEL 8

SRPM
receptor-1.4.3-1.el8ap.src.rpm SHA-256: 73e785ecb510446329d5b9a2283ecbe25ad890e6518ef1d13a13e47e319e6eb5
x86_64
receptor-1.4.3-1.el8ap.x86_64.rpm SHA-256: 3411af8d8ee93bd5a0565363a8989dcb3c188df0fe2a30afca5c95b59c777f15
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5
s390x
receptor-1.4.3-1.el8ap.s390x.rpm SHA-256: 1460d8bb088ebf6a1f08d4115a363c43b3e26ec6a164578d5fa381dcebff7d17
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5
ppc64le
receptor-1.4.3-1.el8ap.ppc64le.rpm SHA-256: 60a57266157d0797f419057e2319041524299fb8c0e246213e663a429c3016cd
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5
aarch64
receptor-1.4.3-1.el8ap.aarch64.rpm SHA-256: 4885cd545a13fb91720b638f15f1429b6b776868023179fefcb079463186efa8
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5

Red Hat Ansible Inside 1.2 for RHEL 9

SRPM
receptor-1.4.3-1.el9ap.src.rpm SHA-256: 15bac77665c8837aa88ff3ff81c6f92ce5fc60b6ab074051350eaa73166948bb
x86_64
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2
s390x
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2
ppc64le
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2
aarch64
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2

Red Hat Ansible Inside 1.2 for RHEL 8

SRPM
receptor-1.4.3-1.el8ap.src.rpm SHA-256: 73e785ecb510446329d5b9a2283ecbe25ad890e6518ef1d13a13e47e319e6eb5
x86_64
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5
s390x
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5
ppc64le
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5
aarch64
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5

Red Hat Ansible Developer 1.1 for RHEL 9

SRPM
receptor-1.4.3-1.el9ap.src.rpm SHA-256: 15bac77665c8837aa88ff3ff81c6f92ce5fc60b6ab074051350eaa73166948bb
x86_64
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2
s390x
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2
ppc64le
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2
aarch64
receptorctl-1.4.3-1.el9ap.noarch.rpm SHA-256: 630a86990d9d6207186cd9356f73a24964a6cb7882c5acb68f88a162d8f548c2

Red Hat Ansible Developer 1.1 for RHEL 8

SRPM
receptor-1.4.3-1.el8ap.src.rpm SHA-256: 73e785ecb510446329d5b9a2283ecbe25ad890e6518ef1d13a13e47e319e6eb5
x86_64
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5
s390x
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5
ppc64le
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5
aarch64
receptorctl-1.4.3-1.el8ap.noarch.rpm SHA-256: af156a3185869b1d66dd04c7a5709c31f3b7a746e7403cff3c3b069630334fc5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.