RedHat: RHSA-2021-1079:01 Moderate: Red Hat Ansible Automation Platform
Summary
Red Hat Ansible Automation Platform Resource Operator container images
with security fixes.
Ansible Automation Platform manages Ansible Platform jobs and workflows
that can interface with any infrastructure on a Red Hat OpenShift Container
Platform cluster, or on a traditional infrastructure that is running
off-cluster.
Security fixes:
CVE-2021-20191 ansible: multiple modules expose secured values
[ansible_automation_platform-1.2] (BZ#1916813)
CVE-2021-20178 ansible: user data leak in snmp_facts module
[ansible_automation_platform-1.2] (BZ#1914774)
CVE-2021-20180 ansible: ansible module: bitbucket_pipeline_variable exposes
secured values [ansible_automation_platform-1.2] (BZ#1915808)
CVE-2021-20228 ansible: basic.py no_log with fallback option
[ansible_automation_platform-1.2] (BZ#1925002)
CVE-2021-3447 ansible: multiple modules expose secured values
[ansible_automation_platform-1.2] (BZ#1939349)
For more details about the security issue, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Summary
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2017-12652 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-5094 https://access.redhat.com/security/cve/CVE-2019-5188 https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-12749 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-14973 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17023 https://access.redhat.com/security/cve/CVE-2019-17498 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-5313 https://access.redhat.com/security/cve/CVE-2020-6829 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8625 https://access.redhat.com/security/cve/CVE-2020-12243 https://access.redhat.com/security/cve/CVE-2020-12400 https://access.redhat.com/security/cve/CVE-2020-12401 https://access.redhat.com/security/cve/CVE-2020-12402 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/cve/CVE-2021-3447 https://access.redhat.com/security/cve/CVE-2021-20178 https://access.redhat.com/security/cve/CVE-2021-20180 https://access.redhat.com/security/cve/CVE-2021-20191 https://access.redhat.com/security/cve/CVE-2021-20228 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/cve/CVE-2021-20191 https://access.redhat.com/security/cve/CVE-2021-20178 https://access.redhat.com/security/cve/CVE-2021-20180 https://access.redhat.com/security/cve/CVE-2021-20228 https://access.redhat.com/security/cve/CVE-2021-3447
Package List
Topic
Red Hat Ansible Automation Platform Resource Operator 1.2 (technicalpreview) images that fix several security issues.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module
1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values
1916813 - CVE-2021-20191 ansible: multiple modules expose secured values
1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option
1939349 - CVE-2021-3447 ansible: multiple modules expose secured values