Important: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container

Synopsis

Important: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container

Type/Severity

Security Advisory: Important

Topic

Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container

Description

  • Added a command to generate a new SECRET_KEY and rekey the database
  • Removed the guest user from the optionally-configured RabbitMQ admin interface (CVE-2019-19340)
  • Fixed slow queries for /api/v2/instances and /api/v2/instance_groups when smart inventories are used
  • Fixed assorted issues with preserving permissions in the Ansible Tower backup playbook (CVE-2019-19341)
  • Fixed a partial password disclosure when special characters existed in the RabbitMQ password (CVE-2019-19342)
  • Fixed hang in error handling for source control checkouts
  • Fixed an error on subsequent job runs that override the branch of a project on an instance that did not have a prior project checkout
  • Fixed an issue where supervisord would not shut down correctly
  • Fixed an issue where jobs launched in isolated or container groups would incorrectly time out
  • Fixed link to instance groups documentation in the user interface
  • Fixed retrieval of Red Hat subscription data when running in OpenShift
  • Fixed editing of inventory on Workflow templates
  • Fixed multiple issues with OAuth2 token cleanup system jobs
  • Fixed custom email notifications for workflow approve and deny
  • Updated SAML implementation to automatically log in if authorization exists
  • Updated AngularJS to 1.7.9 for CVE-2019-10768
  • Updated installer to not install PostgreSQL server on all nodes
  • Updated bundled installer to contain both Red Hat Enterprise Linux 7 and 8 builds

Solution

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html

Affected Products

  • Red Hat Ansible Tower 3.6 x86_64

Fixes

  • BZ - 1782623 - CVE-2019-19342 Tower: special characters in RabbitMQ passwords causes web socket 500 error
  • BZ - 1782624 - CVE-2019-19340 Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly
  • BZ - 1782625 - CVE-2019-19341 Tower: intermediate files during Tower backup are world-readable
