-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: security update - Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container
Advisory ID:       RHSA-2020:2617-01
Product:           Red Hat Ansible Tower
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2617
Issue date:        2020-06-18
CVE Names:         CVE-2020-10782 
====================================================================
1. Summary:

Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container

2. Description:

* Updated rsyslog integration to not write world-readable configuration
files (CVE-2020-10782)
* Updated the included foreman/satellite inventory plugin to add the
host_filters and want_ansible_ssh_host options
* Updated Foreman/Satellite inventory to properly use group_prefix for all
groups
* Updated the Satellite inventory script to disable the reports option 
* Updated bundled installer to properly include all dependencies
* Updated translations
* Fixed the all_parents_must_converge property of workflow nodes to set
properly
* Fixed labels so organization administrators could remove them from a
workflow
* Fixed Mattermost workflow approval notifications
* Fixed the notifications for management jobs so administrators could
enable it
* Fixed event processing for inventories with very large numbers of hosts
to prevent Tower to slow down
* Fixed the VMware inventory to properly detect the Instance UUID to no
longer cause hosts to be removed and re-added
* Fixed (reverted) a change to follow symlinks when discovering playbooks,
as it could lead to an infinite loop
* Fixed analytics gathering to not attempt to gather data if there is not a
valid configuration for sending it
* Fixed Tower to no longer break when virtual environments are created with
incorrect permissions
* Fixed the Sumologic logging integration associated with parsing the URL
path
* Fixed incorrectly configured logging so that it would no longer block
Tower operation
* Fix multiple websocket broadcast issues in OpenShift
* Fixed instance registration in OpenShift
* Fixed an issue where the redis socket in OpenShift deployments was
world-writable

3. Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower
Upgrade and Migration Guide:
https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/
index.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1847843 - CVE-2020-10782 Tower: rsyslog configuration has world readable permissions

5. References:

https://access.redhat.com/security/cve/CVE-2020-10782
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXuwbW9zjgjWX9erEAQg/hQ/+MOiAIlbl+dqYgVLXPr4b0FSaPOKdJgSe
oB4vD+ODM3Yi0k5arGI7Rm8FXjcqwImMK0Ls7bytfiI+4GMJ+v40G1KVOokB3Pk5
tkW0wMQgJNkUyapbg9Gb3MPVfqhl6JJkst8BtkTlLKJCQrBUrAroiiXMB/jqeWUP
0drAKAQbvHwGpWqKlRL91Da+epp5WPQziKd/8IGVI6YfMPq2XH7LvMGnk0Rxtdi6
Us7P1ni/Mam89z4urY+1iczuXXKg6+7Fyk/Sz97JlTdr6gICX07IA/f9nL915lNZ
MhZMszCQ/JCQaD7t3bvMQVyykf+t043PQT+Ev3fFnn8NFjr18tjsadNntHVchgA4
txjwM5AeYk/m7Y+l/KHKfkoGI8tzOqhswM4moolD0a22hc95ltZcXU5kWQ37ynJt
rtl4dpdZ5hczuHjk1OKW4yWYrlwoUvkdhj9/X747kxN3TIcPDfISBGQWzzIaPsZb
2iwmJaj4YmCK4FL4YezrfvdKu3tATkg2AazfQ/2g4PMOp3Ml+psSQQ9cQfNUd66K
4V4MvIChIhZtVF0tKhU+Kl+dRx5z2KZx9KtpYccJMZoAFyj3m+yJY+7FzyU1t+nJ
/+onhc8h7zofCibdebVklktaX2y523DRYm3IX8TaMcrgEkts4tG1IzFDFJoAjyWx
taXBNpj+AAk=H5yf
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-2617:01 Moderate: security update - Red Hat Ansible Tower

Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container 2

Summary

* Updated rsyslog integration to not write world-readable configuration files (CVE-2020-10782) * Updated the included foreman/satellite inventory plugin to add the host_filters and want_ansible_ssh_host options * Updated Foreman/Satellite inventory to properly use group_prefix for all groups * Updated the Satellite inventory script to disable the reports option * Updated bundled installer to properly include all dependencies * Updated translations * Fixed the all_parents_must_converge property of workflow nodes to set properly * Fixed labels so organization administrators could remove them from a workflow * Fixed Mattermost workflow approval notifications * Fixed the notifications for management jobs so administrators could enable it * Fixed event processing for inventories with very large numbers of hosts to prevent Tower to slow down * Fixed the VMware inventory to properly detect the Instance UUID to no longer cause hosts to be removed and re-added * Fixed (reverted) a change to follow symlinks when discovering playbooks, as it could lead to an infinite loop * Fixed analytics gathering to not attempt to gather data if there is not a valid configuration for sending it * Fixed Tower to no longer break when virtual environments are created with incorrect permissions * Fixed the Sumologic logging integration associated with parsing the URL path * Fixed incorrectly configured logging so that it would no longer block Tower operation * Fix multiple websocket broadcast issues in OpenShift * Fixed instance registration in OpenShift * Fixed an issue where the redis socket in OpenShift deployments was world-writable

Summary

Solution

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

References

https://access.redhat.com/security/cve/CVE-2020-10782 https://access.redhat.com/security/updates/classification/#moderate

Package List

Severity

Advisory ID: RHSA-2020:2617-01

Product: Red Hat Ansible Tower

Advisory URL: https://access.redhat.com/errata/RHSA-2020:2617

Issued Date: : 2020-06-18

CVE Names: CVE-2020-10782

Topic

Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container

Topic

Relevant Releases Architectures

Bugs Fixed

1847843 - CVE-2020-10782 Tower: rsyslog configuration has world readable permissions

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12

3 - 5 min read

Dec 06, 2024

The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This

A Linux Admin

A Linux Admin's Guide to Tackling Emerging Cloud-Native Security Risks

3 - 6 min read

Dec 05, 2024

As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,

Leveraging Insights from the Linux Foundation

Leveraging Insights from the Linux Foundation's Census III Report for More Secure Linux Administration

3 - 5 min read

Dec 05, 2024

The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone

Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns

Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns

3 - 6 min read

Dec 04, 2024

Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security

From Wayland Fixes to Security Boosts: Examining Qt 6.8.1

From Wayland Fixes to Security Boosts: Examining Qt 6.8.1's Impact on Linux Administration

3 - 6 min read

Dec 03, 2024

The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application

Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins

Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins

3 - 6 min read

Dec 03, 2024

The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline

Deck the Halls with Enhanced Security: Linux Kernel 6.13

Deck the Halls with Enhanced Security: Linux Kernel 6.13's Top Features & Improvements

3 - 5 min read

Dec 02, 2024

As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made

Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions

Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions

3 - 5 min read

Dec 02, 2024

New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

News

Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Advisories

Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
HOWTOs

Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Features

Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
About Us

Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Powered By

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

© 2024 Guardian Digital, Inc All Rights Reserved