RedHatRHSA-2023:6158

HistoryOct 30, 2023 - 1:15 a.m.

(RHSA-2023:6158) Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

2023-10-3001:15:30

access.redhat.com

red hat ansible

automation platform

security fix

bug fix

django

cve

update

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.7%

JSON

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

automation-controller: Django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
python3-urllib3/python39-urllib3: Cookie request header isn’t stripped during cross-origin redirects (CVE-2023-43804)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Updates and fixes for automation controller:

automation-controller has been updated to 4.4.7
Cleaned up SOS report passwords (AAP-17544)
Customers using the “infra.controller_configuration” collection (which uses “ansible.controller” collection) to update their Ansible Automation Platform environment no longer receive an HTTP 499 response (AAP-17422)

Additional changes:

python3-urllib3/python39-urllib3 has been updated to 1.26.18

OSVersionArchitecturePackageVersionFilename
RedHat8noarchautomation-controller-cli< 4.4.7-1.el8apautomation-controller-cli-4.4.7-1.el8ap.noarch.rpm
RedHat9ppc64leautomation-controller< 4.4.7-1.el9apautomation-controller-4.4.7-1.el9ap.ppc64le.rpm
RedHat8ppc64leautomation-controller< 4.4.7-1.el8apautomation-controller-4.4.7-1.el8ap.ppc64le.rpm
RedHat9aarch64automation-controller< 4.4.7-1.el9apautomation-controller-4.4.7-1.el9ap.aarch64.rpm
RedHat9noarchautomation-controller-ui< 4.4.7-1.el9apautomation-controller-ui-4.4.7-1.el9ap.noarch.rpm
RedHat8aarch64automation-controller-venv-tower< 4.4.7-1.el8apautomation-controller-venv-tower-4.4.7-1.el8ap.aarch64.rpm
RedHat9aarch64automation-controller-venv-tower< 4.4.7-1.el9apautomation-controller-venv-tower-4.4.7-1.el9ap.aarch64.rpm
RedHat8noarchpython39-urllib3< 1.26.18-1.el8appython39-urllib3-1.26.18-1.el8ap.noarch.rpm
RedHat8ppc64leautomation-controller-venv-tower< 4.4.7-1.el8apautomation-controller-venv-tower-4.4.7-1.el8ap.ppc64le.rpm
RedHat9ppc64leautomation-controller-venv-tower< 4.4.7-1.el9apautomation-controller-venv-tower-4.4.7-1.el9ap.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	noarch	automation-controller-cli	< 4.4.7-1.el8ap	automation-controller-cli-4.4.7-1.el8ap.noarch.rpm
RedHat	9	ppc64le	automation-controller	< 4.4.7-1.el9ap	automation-controller-4.4.7-1.el9ap.ppc64le.rpm
RedHat	8	ppc64le	automation-controller	< 4.4.7-1.el8ap	automation-controller-4.4.7-1.el8ap.ppc64le.rpm
RedHat	9	aarch64	automation-controller	< 4.4.7-1.el9ap	automation-controller-4.4.7-1.el9ap.aarch64.rpm
RedHat	9	noarch	automation-controller-ui	< 4.4.7-1.el9ap	automation-controller-ui-4.4.7-1.el9ap.noarch.rpm
RedHat	8	aarch64	automation-controller-venv-tower	< 4.4.7-1.el8ap	automation-controller-venv-tower-4.4.7-1.el8ap.aarch64.rpm
RedHat	9	aarch64	automation-controller-venv-tower	< 4.4.7-1.el9ap	automation-controller-venv-tower-4.4.7-1.el9ap.aarch64.rpm
RedHat	8	noarch	python39-urllib3	< 1.26.18-1.el8ap	python39-urllib3-1.26.18-1.el8ap.noarch.rpm
RedHat	8	ppc64le	automation-controller-venv-tower	< 4.4.7-1.el8ap	automation-controller-venv-tower-4.4.7-1.el8ap.ppc64le.rpm
RedHat	9	ppc64le	automation-controller-venv-tower	< 4.4.7-1.el9ap	automation-controller-venv-tower-4.4.7-1.el9ap.ppc64le.rpm

Rows per page:

1-10 of 241