—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Single Sign-On 7.3.8 security update
Advisory ID: RHSA-2020:2113-01
Product: Red Hat Single Sign-On
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2113
Issue date: 2020-05-12
CVE Names: CVE-2018-14371 CVE-2019-10174 CVE-2020-6950
=====================================================================
1. Summary:
A security update is now available for Red Hat Single Sign-On 7.3 from the
Customer Portal.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.
This asynchronous patch is a security update for the Undertow package in
Red Hat Single Sign-On 7.3.8.
Security Fix(es):
* infinispan: invokeAccessibly method from ReflectionUtil class allows to
invoke private methods (CVE-2019-10174)
* mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the
loc parameter (CVE-2018-14371)
* Mojarra: Path traversal via either the loc parameter or the con
parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.
The References section of this erratum contains a download link (you must
log in to download the update).
4. Bugs fixed (https://bugzilla.redhat.com/):
1607709 – CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
1703469 – CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
1805006 – CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
5. References:
https://access.redhat.com/security/cve/CVE-2018-14371
https://access.redhat.com/security/cve/CVE-2019-10174
https://access.redhat.com/security/cve/CVE-2020-6950
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXrraT9zjgjWX9erEAQgaGQ//ZOD0WL47ABG9jIfNdIoMLPQ+s1wKFzEK
W/0QER6bmuF6u/fd/uBXJVcK0KlOUHTYJQGUhFE1JYg63lF5MeS+AY2DGjGekCQV
fB9YkNV7CSB1IbK09QCbsqgIVvyEw2Kgj1SnyZbJbNM7NJB1gnkN1CqaEXvxGp8O
MTqjtrhwRT9m59ukHpvaAu+XLZ3u5Bx4XE/Q30/ZkNsg6wyHAwSg9cuJir0vUtvN
n8qGWVkE2hHAUdcqEnZEeaNsTDmWr0G9F6WeREOlt9zOpQdBRxc+TfzHzCENNc4Q
/tUAN5XjPwrOPzriNI1CRvcXe0cFgS/Q3bYsbvP1W1jnzBtV5aVrMewrLeHLieaT
Nm/j4EZMIfA8GXgrdQ4wTJTToM3OVW/WkZupO+qF52nNVpGpHoPj0wGNclAYk2NJ
NbRj+10YX0UDOGmUKAbDV+hs+VRE0ZyJ8Ie2yKbQ9SjfJJeNtTGthz2PYgurSzNE
7In8IDNftqLpAWL/cyTrgMvNIGW6yvjK+aCCsqp3Uhv7incBb6ITVpVbjCLsXYUH
I+J/Eqfk7KENGQCEUKoD1KUFxQLEBMA+Z/2G6w8IA5lSdWrmmjoNJ/0GqdODxlFX
sQhtW2UExNb5OMOoSjcfVYwx8r0aE5Y0LPj2kmWH6jgUthV+FlBK1jfa9g3HzSo+
2sC3EmunJo8=
=w9MO
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Single Sign-On 7.3.8 security update
Advisory ID: RHSA-2020:2112-01
Product: Red Hat Single Sign-On
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2112
Issue date: 2020-05-12
CVE Names: CVE-2019-10172 CVE-2019-14900 CVE-2019-17573
CVE-2020-1695 CVE-2020-1718 CVE-2020-1719
CVE-2020-1724 CVE-2020-1757 CVE-2020-1758
CVE-2020-7226
=====================================================================
1. Summary:
A security update is now available for Red Hat Single Sign-On 7.3 from the
Customer Portal.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.3.8 serves as a replacement for
Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements,
which are documented in the Release Notes document linked to in the
References.
Security Fix(es):
* keycloak: security issue on reset credential flow (CVE-2020-1718)
* undertow: servletPath is normalized incorrectly leading to dangerous
application mapping which could result in security bypass (CVE-2020-1757)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* cxf: reflected XSS in the services listing page (CVE-2019-17573)
* resteasy: Improper validation of response header in
MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* Wildfly: EJBContext principal is not popped back after invoking another
EJB using a different Security Domain (CVE-2020-1719)
* keycloak: improper verification of certificate with host mismatch could
result in information disclosure (CVE-2020-1758)
* cryptacular: excessive memory allocation during a decode operation
(CVE-2020-7226)
* keycloak: problem with privacy after user logout (CVE-2020-1724)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.
The References section of this erratum contains a download link (you must
log in to download the update).
4. Bugs fixed (https://bugzilla.redhat.com/):
1666499 – CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1715075 – CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720
1730462 – CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1752770 – CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
1796617 – CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
1796756 – CVE-2020-1718 keycloak: security issue on reset credential flow
1797011 – CVE-2019-17573 cxf: reflected XSS in the services listing page
1800527 – CVE-2020-1724 keycloak: problem with privacy after user logout
1801380 – CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation
1812514 – CVE-2020-1758 keycloak: improper verification of certificate with host mismatch could result in information disclosure
5. References:
https://access.redhat.com/security/cve/CVE-2019-10172
https://access.redhat.com/security/cve/CVE-2019-14900
https://access.redhat.com/security/cve/CVE-2019-17573
https://access.redhat.com/security/cve/CVE-2020-1695
https://access.redhat.com/security/cve/CVE-2020-1718
https://access.redhat.com/security/cve/CVE-2020-1719
https://access.redhat.com/security/cve/CVE-2020-1724
https://access.redhat.com/security/cve/CVE-2020-1757
https://access.redhat.com/security/cve/CVE-2020-1758
https://access.redhat.com/security/cve/CVE-2020-7226
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXrraStzjgjWX9erEAQjGGA/9H+0mP7aNzf3QiX+wiwuKCODpzIctTO18
UvyIux7XIxiatyb65qegnQi307KWyb0hYxNdocnI1m08tz8Lp+qebtkJmJSy3Ngt
OgnQXQmFUqw/jjoK00sbYeOOUC+NxPE85yh+ooIsyuvS8WBYuFHBlXlxa029SVc9
igTxQ7GXB1+/Ku8vXBkIsc+YC4t3lGHtUnMZS48fDmyMM0NcDEX+b5kwJXiKrIGm
80j25g1P72Y84DRF2/7c64J/xwwwQrotZ30px1ZmjlclrpPT7XQ2TuFQVxilZh9X
F8e/0Gih1rDsRy7Xza5X+bmnT5Cq16nBVR7wnKvFlDk0ITd2OcbqUxCYUrbsfHU4
91oettbysDViIWsPbM91V1NGTHMC070mQsJ/lmwAy9XOHQFalgAWrVIhkvMOH8O9
a/0A0+KsjSOlBYk6f+YzSzzgfRG9oQ4Bc2NADj56B0BSWX/FLajA4JNuijOJNmUd
P54fBKKJRQ0w1Td0oQs/DrIwkdMpsz3kRP/c8k+aJNpZ7IDILIPopdpsaCOUGgGn
9UTzdqVAKFPtI4l5iLEI3jB9SvFfSXwDjHDCpw6RlcEYxiKL4TBWW9VCUocAAOz0
2UWHRKVztrtRznKVq9EZ8jkGwK8ybgZpfV1DrcaGCtzzEKoVRd3XTs9ljfrrfnnj
ViMG5m2vpXo=
=aH/+
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Single Sign-On 7.3.8 security update on RHEL 6
Advisory ID: RHSA-2020:2106-01
Product: Red Hat Single Sign-On
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2106
Issue date: 2020-05-12
CVE Names: CVE-2020-1718 CVE-2020-1724 CVE-2020-1758
=====================================================================
1. Summary:
New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat
Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Single Sign-On 7.3 for RHEL 6 Server – noarch
3. Description:
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.3.8 on RHEL 6 serves as a
replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and
enhancements, which are documented in the Release Notes document linked to
in the References.
Security Fix(es):
* keycloak: security issue on reset credential flow (CVE-2020-1718)
* keycloak: improper verification of certificate with host mismatch could
result in information disclosure (CVE-2020-1758)
* keycloak: problem with privacy after user logout (CVE-2020-1724)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1796756 – CVE-2020-1718 keycloak: security issue on reset credential flow
1800527 – CVE-2020-1724 keycloak: problem with privacy after user logout
1812514 – CVE-2020-1758 keycloak: improper verification of certificate with host mismatch could result in information disclosure
6. JIRA issues fixed (https://issues.jboss.org/):
KEYCLOAK-13797 – Create RPMs for the RH-SSO 7.3.8 release for RHEL6
7. Package List:
Red Hat Single Sign-On 7.3 for RHEL 6 Server:
Source:
rh-sso7-keycloak-4.8.20-1.Final_redhat_00001.1.el6sso.src.rpm
noarch:
rh-sso7-keycloak-4.8.20-1.Final_redhat_00001.1.el6sso.noarch.rpm
rh-sso7-keycloak-server-4.8.20-1.Final_redhat_00001.1.el6sso.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. References:
https://access.redhat.com/security/cve/CVE-2020-1718
https://access.redhat.com/security/cve/CVE-2020-1724
https://access.redhat.com/security/cve/CVE-2020-1758
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/
9. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXrrRntzjgjWX9erEAQgBWRAAnqSzYpDyJMCXsKin1SxPhnRXtDf0Fvw9
b6u32OoXwmbVx/ejhlrAuZt5ykM1kYUkMBaMe3dmNIRlcTe7NFxRJtjw/UURO/Bj
3GLjUX6wgnZKjd13mHmkbnm48A/6lhpuDo2+NdM8aeuWc/USyj2VSbmWp79JqmuV
vvNiFXhIFO2IvVfmJJ2BqVfrc53nk61ZUhyXXEW+UspwIQsKHLb7vLxHyz6lGpZO
chf3O4zVUKky5dWZuT2w2pDV2I1ROOdVwSntTLmML9Q6IzgGdrWzoQlxMBk4Z+oA
Ww8XLGwHJ4E6e0/0SLVb26nwBupRk8CtDaf41rNGIlMysDLcbHMrHkgNUsUKeAzl
NlyvzJFxn7mV3NTsfaM8adOu4S6+9J1oWmgNeO54d5i01nJjCTIkLryrjjqzU/v1
xwPIiMMoGaJweKd2tok0NafdXi4gzPvNRmG8IyBpb+FV6H3CHci0WD5vUNwD3qZD
0/S3oCFe87Mcef3fffoKb5cjtZQ4JDWeKBo0znUtbBUwWL7RqpTc9k4b1xgSu2nc
IGrWboUtoKO99Fyz7v0jWHD4MSx8in+Jk9zXRZtB/4waAJhRPKkC+Wt5+t80ue+T
obRp/nLwopi+yw6y4TbIm1qmshwjhbnK6noewSzcRRmxkR1ngrnWFZrJNnJb9fDF
xA5Pov0IYws=
=Arda
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Single Sign-On 7.3.8 security update on RHEL 8
Advisory ID: RHSA-2020:2108-01
Product: Red Hat Single Sign-On
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2108
Issue date: 2020-05-12
CVE Names: CVE-2020-1718 CVE-2020-1724 CVE-2020-1758
=====================================================================
1. Summary:
New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of
Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives
a detailed severity rating, is available for each vulnerability from the
CVE
link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Single Sign-On 7.3 for RHEL 8 – noarch
3. Description:
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.3.8 on RHEL 8 serves as a
replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and
enhancements, which are documented in the Release Notes document linked to
in the References.
Security Fix(es):
* keycloak: security issue on reset credential flow (CVE-2020-1718)
* keycloak: improper verification of certificate with host mismatch could
result in information disclosure (CVE-2020-1758)
* keycloak: problem with privacy after user logout (CVE-2020-1724)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1796756 – CVE-2020-1718 keycloak: security issue on reset credential flow
1800527 – CVE-2020-1724 keycloak: problem with privacy after user logout
1812514 – CVE-2020-1758 keycloak: improper verification of certificate with host mismatch could result in information disclosure
6. JIRA issues fixed (https://issues.jboss.org/):
KEYCLOAK-13799 – Create RPMs for the RH-SSO 7.3.8 release for RHEL8
7. Package List:
Red Hat Single Sign-On 7.3 for RHEL 8:
Source:
rh-sso7-keycloak-4.8.20-1.Final_redhat_00001.1.el8sso.src.rpm
noarch:
rh-sso7-keycloak-4.8.20-1.Final_redhat_00001.1.el8sso.noarch.rpm
rh-sso7-keycloak-server-4.8.20-1.Final_redhat_00001.1.el8sso.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. References:
https://access.redhat.com/security/cve/CVE-2020-1718
https://access.redhat.com/security/cve/CVE-2020-1724
https://access.redhat.com/security/cve/CVE-2020-1758
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/
9. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXrrRo9zjgjWX9erEAQi+xg//YmyjtTUAB0O3o0E7jUA08dPR7oCmhP5i
B6pi2tEwGVFSulV00I9T71QAdhmBtR7WjDlyyqj3KX/wLqXGntQBsYfB6Wi+6DGN
jr3XgLgUa3DpTD/rnPHOZ+T0RkeiLK+T3iksBdn6vJhUjH+ati3Tc2v1a6VOmbDA
1SoHj4+3iQydphtkK9J6T76mWNGVlWBvlvFGwkamY0yE+xJX3+AdLrEm4L+5x/px
xWhT5HZVkZCA++y2pBlE6ANG9Y4tRHVtDMaXmHBSBJGiTcyFkyoU0r4R/JqeMYSQ
BE+thU5wqbfVtDtrTYhMpYOnn/K1wBafTy91RBmk/t309cTGDw/oEiFJ6e/aiDtP
1f2rhAkHUcS1mUhXMyadWZP/Szvfxmh+XCqSP+YB4rdOqOkm55ZMFWjp29lqZsab
8Mjxuai79om2FsCT2Me5o6VkA0/ACyDosn6hChoq2+wd5cThTqwR78vYdt/gj6Hc
VfmAtORnAZrfwgqpaKGzmF4fe/8uQIHZthhc8lqY3BkWDERienTB8nk2VlhVborV
2gfMFxxRZaNIAhOZVI6Tnmk1hm0Lg1waj+ATMdTp8Y5P+OT7DFX4E1tpfE9hjk6X
KoWRjH0HU6YwVOBfPBIcztNa1aPWuVtE2EIa7RA4G1bpN7FLMH+OttyCH+mDLiEA
Z3d0bsyOrQI=
=O8ah
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Single Sign-On 7.3.8 security update on RHEL 7
Advisory ID: RHSA-2020:2107-01
Product: Red Hat Single Sign-On
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2107
Issue date: 2020-05-12
CVE Names: CVE-2020-1718 CVE-2020-1724 CVE-2020-1758
=====================================================================
1. Summary:
New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Single Sign-On 7.3 for RHEL 7 Server – noarch
3. Description:
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.3.8 on RHEL 7 serves as a
replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and
enhancements, which are documented in the Release Notes document linked to
in the References.
Security Fix(es):
* keycloak: security issue on reset credential flow (CVE-2020-1718)
* keycloak: improper verification of certificate with host mismatch could
result in information disclosure (CVE-2020-1758)
* keycloak: problem with privacy after user logout (CVE-2020-1724)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1796756 – CVE-2020-1718 keycloak: security issue on reset credential flow
1800527 – CVE-2020-1724 keycloak: problem with privacy after user logout
1812514 – CVE-2020-1758 keycloak: improper verification of certificate with host mismatch could result in information disclosure
6. JIRA issues fixed (https://issues.jboss.org/):
KEYCLOAK-13798 – Create RPMs for the RH-SSO 7.3.8 release for RHEL7
7. Package List:
Red Hat Single Sign-On 7.3 for RHEL 7 Server:
Source:
rh-sso7-keycloak-4.8.20-1.Final_redhat_00001.1.el7sso.src.rpm
noarch:
rh-sso7-keycloak-4.8.20-1.Final_redhat_00001.1.el7sso.noarch.rpm
rh-sso7-keycloak-server-4.8.20-1.Final_redhat_00001.1.el7sso.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. References:
https://access.redhat.com/security/cve/CVE-2020-1718
https://access.redhat.com/security/cve/CVE-2020-1724
https://access.redhat.com/security/cve/CVE-2020-1758
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/
9. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXrrRYtzjgjWX9erEAQiirQ/9GFUny3eLV+Yi1D9VIc7qHuXT0gnF377Y
n6zEyAwFEdla3xuabaTzWnhZsuSZiyMk4gyX2JFDZ9Ta0yCCERh4hk/RMuPqyasL
zChISSBacpSOTq4kn7o1HxfeMv8KaUvBboB2+PZE3yjtIAkYt5dySoSyxfrQ3epr
oLmTZ0pAI777/qEAfr0iFrAP2dCcudGKpb8wz67HqI4s2vxUy9Vdrmyr/ThSrcP7
KAz/WO6PElyp94oc14eKrrPO1YyUnY05FHTQzuii1f4TnuUpF2E/w7XmrXR4YBUy
2be5oQlFAjjPmEfKMofl85Xrz2nvTOgEitfgX+YVZcV8kYcBJdX/sTYPFFP3D5eX
3JcT7mzFIjI8F0vBgPKjsrVHJYcgAVsfTWetNbvYe/zE5oJc1qh1va0xoibYvON+
3XtmaYn/R2XC9PXRTKwHTBxDfRbVsPaBDiBUnsvKL47sMUkkoSB0LfSMHtwCrkWJ
48yzU2Np/S6ka/Xo8r/V+JRrSJLhQJoOySMutsGI9y+nv6+wBu/6Jdryade2sX+Z
BkBad3qtUIdyC8l9JxmIT0R5BJmF4+7zm60ctxsfgUldPoREP+wN4GH4EiKrA4Kn
msUA649dPkaEs3T7ejgP8ahp8USUS3rZGUZpiQZZESqbNhCX9p2jV1jNVFsdECWG
zOlhRFuo2V0=
=NGWE
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce