(RHSA-2021:3473) Moderate: Red Hat Automation Platform 1.2.5 security and bugfixes update

2021-09-0819:16:20

access.redhat.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

68.8%

JSON

Red Hat Ansible Automation Platform integrates Red Hat’s automation suite
consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, and use-case
specific capabilities for Microsoft Windows,network, security, and more,
along with Software-as-a-Service (SaaS)-based capabilities and features for
organization-wide effectiveness.

Security Fix(es):

python-urllib3: Catastrophic backtracking in URL authority parser (CVE-2021-33503)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for
these changes is available from the Release Notes document linked to in the
References section.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchpython3-click< 7.1.2-3.el7pcpython3-click-7.1.2-3.el7pc.noarch.rpm
RedHat7noarchpython3-galaxy-ng< 4.2.6-1.el7pcpython3-galaxy-ng-4.2.6-1.el7pc.noarch.rpm
RedHat7x86_64python3-markupsafe< 1.1.1-4.el7pcpython3-markupsafe-1.1.1-4.el7pc.x86_64.rpm
RedHat7noarchautomation-hub< 4.2.6-1.el7pcautomation-hub-4.2.6-1.el7pc.noarch.rpm
RedHat8noarchautomation-hub< 4.2.6-1.el8pcautomation-hub-4.2.6-1.el8pc.noarch.rpm
RedHat7x86_64python3-markupsafe-debuginfo< 1.1.1-4.el7pcpython3-markupsafe-debuginfo-1.1.1-4.el7pc.x86_64.rpm
RedHat8x86_64python3-markupsafe< 1.1.1-4.el8pcpython3-markupsafe-1.1.1-4.el8pc.x86_64.rpm
RedHat8noarchpython3-click< 7.1.2-3.el8pcpython3-click-7.1.2-3.el8pc.noarch.rpm
RedHat8x86_64python3-markupsafe-debugsource< 1.1.1-4.el8pcpython3-markupsafe-debugsource-1.1.1-4.el8pc.x86_64.rpm
RedHat7noarchpython3-jinja2< 2.11.2-3.el7pcpython3-jinja2-2.11.2-3.el7pc.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	noarch	python3-click	< 7.1.2-3.el7pc	python3-click-7.1.2-3.el7pc.noarch.rpm
RedHat	7	noarch	python3-galaxy-ng	< 4.2.6-1.el7pc	python3-galaxy-ng-4.2.6-1.el7pc.noarch.rpm
RedHat	7	x86_64	python3-markupsafe	< 1.1.1-4.el7pc	python3-markupsafe-1.1.1-4.el7pc.x86_64.rpm
RedHat	7	noarch	automation-hub	< 4.2.6-1.el7pc	automation-hub-4.2.6-1.el7pc.noarch.rpm
RedHat	8	noarch	automation-hub	< 4.2.6-1.el8pc	automation-hub-4.2.6-1.el8pc.noarch.rpm
RedHat	7	x86_64	python3-markupsafe-debuginfo	< 1.1.1-4.el7pc	python3-markupsafe-debuginfo-1.1.1-4.el7pc.x86_64.rpm
RedHat	8	x86_64	python3-markupsafe	< 1.1.1-4.el8pc	python3-markupsafe-1.1.1-4.el8pc.x86_64.rpm
RedHat	8	noarch	python3-click	< 7.1.2-3.el8pc	python3-click-7.1.2-3.el8pc.noarch.rpm
RedHat	8	x86_64	python3-markupsafe-debugsource	< 1.1.1-4.el8pc	python3-markupsafe-debugsource-1.1.1-4.el8pc.x86_64.rpm
RedHat	7	noarch	python3-jinja2	< 2.11.2-3.el7pc	python3-jinja2-2.11.2-3.el7pc.noarch.rpm