Security: Two problems in keycloak-httpd-client-install
Name: Two problems in keycloak-httpd-client-install
ID: FEDORA-2018-2299cfb708
Distribution: Fedora
Platforms: Fedora 27
Date: Thu, 18 January 2018, 23:24
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15111


Fedora Update Notification
2018-01-18 21:29:58.585847

Name : keycloak-httpd-client-install
Product : Fedora 27
Version : 0.8
Release : 1.fc27
URL : https://github.com/jdennis/keycloak-httpd-client-install
Summary : Tools to configure Apache HTTPD as Keycloak client
Description :
Keycloak is a federated Identity Provider (IdP). Apache HTTPD supports
a variety of authentication modules which can be configured to utilize
a Keycloak IdP to perform authentication. This package contains
libraries and tools which can automate and simplify configuring an
Apache HTTPD authentication module and registering as a client of a
Keycloak IdP.

Update Information:

Security fix for CVE-2017-15111 and CVE-2017-15112. Two minor security issues
were discovered and were assigned CVEs. CVE-2017-15112 concerns the ability to
pass a password on the command line, where it could be exposed. That option has
been deprecated. See the man page for multiple ways to pass the password.
CVE-2017-15111 corrects the default location of a log file when running the
low-level utilities directly; it had placed the log file in /tmp, where a
symbolic link could be created pointing to another file. The risk with
CVE-2017-15111 is very low as this feature is seldom used; it is mostly for
developers.

[ 1 ] Bug #1511626 - CVE-2017-15112 keycloak-httpd-client-install: unsafe use
of -p/--admin-password on command line
[ 2 ] Bug #1511623 - CVE-2017-15111 keycloak-httpd-client-install: unsafe
/tmp log file in --log-file option in keycloak_cli.py
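
The symlink risk behind CVE-2017-15111, shown as an added example that is not code from keycloak-httpd-client-install: a plain open() writes through a link planted at the log path, while an O_NOFOLLOW open with an ownership check refuses it. The function names, the file name tool.log and the scratch directory standing in for /tmp are assumptions; the project's own fix, per the advisory, was to change the default log location.

```python
import os
import stat
import tempfile


def open_log_naive(path):
    """Pre-fix pattern: open() follows a symlink planted at `path`."""
    return open(path, "a")


def open_log_safely(path):
    """Open a log for append, refusing symlinks and files we do not own."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # raises OSError if path is a symlink
    st = os.fstat(fd)                 # inspect the opened file, not the name
    private = (stat.S_ISREG(st.st_mode) and st.st_uid == os.geteuid()
               and st.st_nlink == 1)  # also rejects hard links to other files
    if not private:
        os.close(fd)
        raise PermissionError(f"{path} is not a private regular file")
    return os.fdopen(fd, "a")


def demo():
    """Constructed scenario in a scratch directory standing in for /tmp."""
    scratch = tempfile.mkdtemp()
    victim = os.path.join(scratch, "important.conf")  # constructed target
    log_path = os.path.join(scratch, "tool.log")      # hypothetical log name
    with open(victim, "w") as f:
        f.write("original\n")
    os.symlink(victim, log_path)  # link exists before the tool runs
    with open_log_naive(log_path) as log:
        log.write("log line\n")
    with open(victim) as f:
        naive_clobbered = "log line" in f.read()
    try:
        open_log_safely(log_path)
        refused = False
    except OSError:
        refused = True
    os.unlink(log_path)           # with the link gone, a fresh file is created
    with open_log_safely(log_path) as log:
        log.write("ok\n")
    mode = stat.S_IMODE(os.stat(log_path).st_mode)
    return naive_clobbered, refused, mode


if __name__ == "__main__":
    print(demo())
```
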

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade keycloak-httpd-client-install' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at