
Security: Multiple issues in Red Hat Single Sign-On 7.6.8
Name: Multiple issues in Red Hat Single Sign-On 7.6.8
ID: RHSA-2024:1862
Distribution: Red Hat
Platforms: Red Hat Single Sign-On 7.6 for RHEL 9
Date: Wed, 17 April 2024, 23:25
References: https://access.redhat.com/security/cve/CVE-2024-1635
https://bugzilla.redhat.com/show_bug.cgi?id=2264928
https://bugzilla.redhat.com/show_bug.cgi?id=2262117
https://access.redhat.com/security/cve/CVE-2023-6484
https://access.redhat.com/security/cve/CVE-2024-1249
https://access.redhat.com/security/cve/CVE-2024-1132
https://bugzilla.redhat.com/show_bug.cgi?id=2253116
https://access.redhat.com/security/cve/CVE-2023-6544
https://bugzilla.redhat.com/show_bug.cgi?id=2248423
https://access.redhat.com/errata/RHSA-2024:1862
https://bugzilla.redhat.com/show_bug.cgi?id=2262918
Applications: Red Hat Single Sign-On 7.6.8

Original message

New Red Hat Single Sign-On 7.6.8 deliverables are now available for Red Hat
Enterprise Linux 9.

This is an enhancement and security update with Important impact rating and
package name 'rh-sso7-keycloak'. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.8 on RHEL 9 serves as a replacement
for Red Hat Single Sign-On 7.6.7, and includes bug fixes, security updates and
enhancements which are linked to in the References.

Security Fix(es):

* Authorization Bypass (CVE-2023-6544)
* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)
* Path traversal in redirection validation (CVE-2024-1132)
* Unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol (CVE-2024-1635)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-6484: Improper Output Neutralization for Logs (CWE-117)
CVE-2023-6544: Permissive Regular Expression (CWE-625)
CVE-2024-1132: Improper Limitation of a Pathname to a Restricted Directory
('Path Traversal') (CWE-22)
CVE-2024-1249: Origin Validation Error (CWE-346)
CVE-2024-1635: Uncontrolled Resource Consumption (CWE-400)