Red Hat Product Errata RHSA-2024:7312 - Security Advisory
Issued:
2024-09-27
Updated:
2024-09-27

RHSA-2024:7312 - Security Advisory

Synopsis

Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat Ansible Automation Platform 2.4

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

  • automation-controller: djangorestframework: Cross-site Scripting (XSS) via break_long_headers (CVE-2024-21520)
  • automation-controller: twisted: Reflected XSS via HTML Injection in Redirect Response (CVE-2024-41810)
  • automation-controller: urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Updates and fixes for automation controller:

  • Fixed Galaxy credentials to be correctly ordered when assigning them using 'ansible.controller.organization' (AAP-31398)
  • Fixed gather analytics failure due to missing '_unpartitioned_main_jobevent' table (AAP-31053)
  • automation-controller has been updated to 4.5.12

Solution

Red Hat Ansible Automation Platform

Affected Products

  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 x86_64
  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 s390x
  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 ppc64le
  • Red Hat Ansible Automation Platform 2.4 for RHEL 9 aarch64
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 x86_64
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 s390x
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 ppc64le
  • Red Hat Ansible Automation Platform 2.4 for RHEL 8 aarch64
  • Red Hat Ansible Developer 1.1 for RHEL 9 x86_64
  • Red Hat Ansible Developer 1.1 for RHEL 9 s390x
  • Red Hat Ansible Developer 1.1 for RHEL 9 ppc64le
  • Red Hat Ansible Developer 1.1 for RHEL 9 aarch64
  • Red Hat Ansible Developer 1.1 for RHEL 8 x86_64
  • Red Hat Ansible Developer 1.1 for RHEL 8 s390x
  • Red Hat Ansible Developer 1.1 for RHEL 8 ppc64le
  • Red Hat Ansible Developer 1.1 for RHEL 8 aarch64

Fixes

  • BZ - 2292788 - CVE-2024-37891 urllib3: proxy-authorization request header is not stripped during cross-origin redirects
  • BZ - 2294457 - CVE-2024-21520 djangorestframework: Cross-site Scripting (XSS) via break_long_headers
  • BZ - 2300497 - CVE-2024-41810 python-twisted: Reflected XSS via HTML Injection in Redirect Response

Red Hat Ansible Automation Platform 2.4 for RHEL 9

SRPM
automation-controller-4.5.12-1.el9ap.src.rpm SHA-256: 1e8df860c0741401c12ebf19dc24e454ff56d994154cb7c81d112dde6487f3b9
x86_64
automation-controller-4.5.12-1.el9ap.x86_64.rpm SHA-256: d4d329485bb58287ff336adbf5d0c5e14d99ac4abcf9eb97edc3279a7f2c0f78
automation-controller-cli-4.5.12-1.el9ap.noarch.rpm SHA-256: 05adcb46382b507e7835e4067de87117b5680d85f661673e5d2136eb313559f2
automation-controller-server-4.5.12-1.el9ap.noarch.rpm SHA-256: c492e945d3342ec880c1c50daff1a69392a29844c1819b0b2a30dcc7413151b1
automation-controller-ui-4.5.12-1.el9ap.noarch.rpm SHA-256: 48232b1b977d36d74065540b6024aae486506eb5614062e4218e829ced3fbddf
automation-controller-venv-tower-4.5.12-1.el9ap.x86_64.rpm SHA-256: 69103416cbe76369078cdc2dfa4a2b9f192d287baa925fcf9b1f1cb989a1fc62
s390x
automation-controller-4.5.12-1.el9ap.s390x.rpm SHA-256: 2329c65de15761b53be28a1fb1ba8910104af9ba8888a0effb0a074366e27085
automation-controller-cli-4.5.12-1.el9ap.noarch.rpm SHA-256: 05adcb46382b507e7835e4067de87117b5680d85f661673e5d2136eb313559f2
automation-controller-server-4.5.12-1.el9ap.noarch.rpm SHA-256: c492e945d3342ec880c1c50daff1a69392a29844c1819b0b2a30dcc7413151b1
automation-controller-ui-4.5.12-1.el9ap.noarch.rpm SHA-256: 48232b1b977d36d74065540b6024aae486506eb5614062e4218e829ced3fbddf
automation-controller-venv-tower-4.5.12-1.el9ap.s390x.rpm SHA-256: 011d9a181db1d424aa1ca676c44a21f9558507c40e0e1f1a7516ee481abf6cff
ppc64le
automation-controller-4.5.12-1.el9ap.ppc64le.rpm SHA-256: 1e81d8e1caecfa897465d28d52ee5414013a54b2848c4b2d0421a0ef09ca6ed8
automation-controller-cli-4.5.12-1.el9ap.noarch.rpm SHA-256: 05adcb46382b507e7835e4067de87117b5680d85f661673e5d2136eb313559f2
automation-controller-server-4.5.12-1.el9ap.noarch.rpm SHA-256: c492e945d3342ec880c1c50daff1a69392a29844c1819b0b2a30dcc7413151b1
automation-controller-ui-4.5.12-1.el9ap.noarch.rpm SHA-256: 48232b1b977d36d74065540b6024aae486506eb5614062e4218e829ced3fbddf
automation-controller-venv-tower-4.5.12-1.el9ap.ppc64le.rpm SHA-256: 12531a841d821188bdfd029bc583f14a8b8dab2a147766f9d08007a93c9b1d7e
aarch64
automation-controller-4.5.12-1.el9ap.aarch64.rpm SHA-256: 3f83125f44e1aea0b7837ce377d614a6e295972610c00817154d0cf6daa00414
automation-controller-cli-4.5.12-1.el9ap.noarch.rpm SHA-256: 05adcb46382b507e7835e4067de87117b5680d85f661673e5d2136eb313559f2
automation-controller-server-4.5.12-1.el9ap.noarch.rpm SHA-256: c492e945d3342ec880c1c50daff1a69392a29844c1819b0b2a30dcc7413151b1
automation-controller-ui-4.5.12-1.el9ap.noarch.rpm SHA-256: 48232b1b977d36d74065540b6024aae486506eb5614062e4218e829ced3fbddf
automation-controller-venv-tower-4.5.12-1.el9ap.aarch64.rpm SHA-256: 72278de1f2caaacb9853053eb61f0c1244118fad4a9a866a41f0f7214f300d0d

Red Hat Ansible Automation Platform 2.4 for RHEL 8

SRPM
automation-controller-4.5.12-1.el8ap.src.rpm SHA-256: 4a62e9c6577c567585301e4132c9620ed538cc0ba97759d418858fd887df2dc4
x86_64
automation-controller-4.5.12-1.el8ap.x86_64.rpm SHA-256: abdd43588c604e8ce617288318a37fcb0d788ce8c54a5791638b03078817fc7a
automation-controller-cli-4.5.12-1.el8ap.noarch.rpm SHA-256: 418d847b657c26dd19131f14c723912b812f0cf32a65415242b304f8a49e5f44
automation-controller-server-4.5.12-1.el8ap.noarch.rpm SHA-256: 40f1db0f9d972e436471980509f60d5a13e0223d14dfc4660c1247e2f835d5aa
automation-controller-ui-4.5.12-1.el8ap.noarch.rpm SHA-256: 4970d2c62f2fe3b5f47d9ebc2f67db4427e8bbccff151b15e163495687101827
automation-controller-venv-tower-4.5.12-1.el8ap.x86_64.rpm SHA-256: 381353814bfc521fa6ec3a8444208564f3b2e160677ca9d616803f780489ab1c
s390x
automation-controller-4.5.12-1.el8ap.s390x.rpm SHA-256: 578e3e0ec15a64b35a98549eb0fe39ba3edb3f898477fa307c1039c923815142
automation-controller-cli-4.5.12-1.el8ap.noarch.rpm SHA-256: 418d847b657c26dd19131f14c723912b812f0cf32a65415242b304f8a49e5f44
automation-controller-server-4.5.12-1.el8ap.noarch.rpm SHA-256: 40f1db0f9d972e436471980509f60d5a13e0223d14dfc4660c1247e2f835d5aa
automation-controller-ui-4.5.12-1.el8ap.noarch.rpm SHA-256: 4970d2c62f2fe3b5f47d9ebc2f67db4427e8bbccff151b15e163495687101827
automation-controller-venv-tower-4.5.12-1.el8ap.s390x.rpm SHA-256: ef34c19c0014f5382c99ace135995aaac3aefb1f3b91ba1fb81d039838d24242
ppc64le
automation-controller-4.5.12-1.el8ap.ppc64le.rpm SHA-256: c21ff39f51c2641d25c30d253f38536317e41576b4caa828168c9391908c7cc9
automation-controller-cli-4.5.12-1.el8ap.noarch.rpm SHA-256: 418d847b657c26dd19131f14c723912b812f0cf32a65415242b304f8a49e5f44
automation-controller-server-4.5.12-1.el8ap.noarch.rpm SHA-256: 40f1db0f9d972e436471980509f60d5a13e0223d14dfc4660c1247e2f835d5aa
automation-controller-ui-4.5.12-1.el8ap.noarch.rpm SHA-256: 4970d2c62f2fe3b5f47d9ebc2f67db4427e8bbccff151b15e163495687101827
automation-controller-venv-tower-4.5.12-1.el8ap.ppc64le.rpm SHA-256: f7de38c06f0a9e30053a4efc3e79f06b85a4451281ad7f90b226165f485ba981
aarch64
automation-controller-4.5.12-1.el8ap.aarch64.rpm SHA-256: ca1c39b2a90f3b8a26871cbef3ced63c06e742185d49511e7309007c998d147c
automation-controller-cli-4.5.12-1.el8ap.noarch.rpm SHA-256: 418d847b657c26dd19131f14c723912b812f0cf32a65415242b304f8a49e5f44
automation-controller-server-4.5.12-1.el8ap.noarch.rpm SHA-256: 40f1db0f9d972e436471980509f60d5a13e0223d14dfc4660c1247e2f835d5aa
automation-controller-ui-4.5.12-1.el8ap.noarch.rpm SHA-256: 4970d2c62f2fe3b5f47d9ebc2f67db4427e8bbccff151b15e163495687101827
automation-controller-venv-tower-4.5.12-1.el8ap.aarch64.rpm SHA-256: 42fb5e42b015597a8e8ecdb89fe4a0b1ac3d4fb1464ae1318778d3c301f09254

Red Hat Ansible Developer 1.1 for RHEL 9

SRPM
automation-controller-4.5.12-1.el9ap.src.rpm SHA-256: 1e8df860c0741401c12ebf19dc24e454ff56d994154cb7c81d112dde6487f3b9
x86_64
automation-controller-cli-4.5.12-1.el9ap.noarch.rpm SHA-256: 05adcb46382b507e7835e4067de87117b5680d85f661673e5d2136eb313559f2
s390x
automation-controller-cli-4.5.12-1.el9ap.noarch.rpm SHA-256: 05adcb46382b507e7835e4067de87117b5680d85f661673e5d2136eb313559f2
ppc64le
automation-controller-cli-4.5.12-1.el9ap.noarch.rpm SHA-256: 05adcb46382b507e7835e4067de87117b5680d85f661673e5d2136eb313559f2
aarch64
automation-controller-cli-4.5.12-1.el9ap.noarch.rpm SHA-256: 05adcb46382b507e7835e4067de87117b5680d85f661673e5d2136eb313559f2

Red Hat Ansible Developer 1.1 for RHEL 8

SRPM
automation-controller-4.5.12-1.el8ap.src.rpm SHA-256: 4a62e9c6577c567585301e4132c9620ed538cc0ba97759d418858fd887df2dc4
x86_64
automation-controller-cli-4.5.12-1.el8ap.noarch.rpm SHA-256: 418d847b657c26dd19131f14c723912b812f0cf32a65415242b304f8a49e5f44
s390x
automation-controller-cli-4.5.12-1.el8ap.noarch.rpm SHA-256: 418d847b657c26dd19131f14c723912b812f0cf32a65415242b304f8a49e5f44
ppc64le
automation-controller-cli-4.5.12-1.el8ap.noarch.rpm SHA-256: 418d847b657c26dd19131f14c723912b812f0cf32a65415242b304f8a49e5f44
aarch64
automation-controller-cli-4.5.12-1.el8ap.noarch.rpm SHA-256: 418d847b657c26dd19131f14c723912b812f0cf32a65415242b304f8a49e5f44

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.