Red Hat Security Advisory 2020-2816-01

Red Hat Security Advisory 2020-2816-01: Posted Jul 2, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-2816-01 - Packages: Red Hat Single Sign-On 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 6. Issues addressed include a code execution vulnerability.; tags | advisory, code execution; systems | linux, redhat; advisories | CVE-2020-1714; SHA-256 | 37ae1faf530d1b55f569d88661539cc9d8e6dc9ac6c0e7c7785727ff4bd5a343; Download | Favorite | View

Red Hat Security Advisory 2020-2816-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Important: RH-SSO 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 6
Advisory ID:       RHSA-2020:2816-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2816
Issue date:        2020-07-02
CVE Names:         CVE-2020-1714
====================================================================
1. Summary:

A security update is now available for Red Hat Single Sign-On 7.4.1
adapters for Red Hat JBoss Enterprise Application Platform 6

Red Hat Product Security has rated this update as having a security impact
of
Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server - noarch
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch

3. Description:

Packages: Red Hat Single Sign-On 7.4.1 adapters for Red Hat JBoss
Enterprise Application Platform 6

Security Fix(es):

* keycloak: Lack of checks in ObjectInputStream leading to Remote Code
Execution (CVE-2020-1714)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution

6. JIRA issues fixed (https://issues.jboss.org/):

KEYCLOAK-13949 - Create RPMs for the RH-SSO 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 6

7. Package List:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server:

Source:
keycloak-adapter-sso7_4-eap6-9.0.4-1.redhat_00001.1.ep6.el6.src.rpm

noarch:
keycloak-adapter-sso7_4-eap6-9.0.4-1.redhat_00001.1.ep6.el6.noarch.rpm
keycloak-saml-adapter-sso7_4-eap6-9.0.4-1.redhat_00001.1.ep6.el6.noarch.rpm

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:

Source:
keycloak-adapter-sso7_4-eap6-9.0.4-1.redhat_00001.1.ep6.el7.src.rpm

noarch:
keycloak-adapter-sso7_4-eap6-9.0.4-1.redhat_00001.1.ep6.el7.noarch.rpm
keycloak-saml-adapter-sso7_4-eap6-9.0.4-1.redhat_00001.1.ep6.el7.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2020-1714
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXv3vttzjgjWX9erEAQip+g//fUaBD88/9hlJWte4MlRqtgCZH1Bts3za
Mad/Msagcj6UlFBHUg94bX6RItRornmSYDvspTUhQhAJ+9NEHlhBLBbxUB/p1rVf
Y99XjUK6Z/p4HIgZYKid7P+3fGtWr8/RRClH3Zk2Po6XaQ7J0yZld0np94YFA5rm
RiWX+6TBFVTNSommJzKxRU8fIkLtJ1JsL6yrUoc6KDIcHUuf01aZJINLpU+uYI5l
z0P1QZG/Re94bnth6hO5Z0ykQxFRH2uKl52qzAmqBn3WZD2YpWz43SNcrWL8banM
toLlBIGGP0XT4um/WE7RZrzGL3UeymF3p71sQ8A/VinIEygZyPB+Rkm4W0B3HJQd
v+2ln4811QH/y0hRjAW9wS3d1G1zWLKBVy9jmCfEtm3FO0OdVXrhbaoIm/De63Gt
Yx2jDPRinbEkkh2+whLflnwAvD8sIrgwlaobk5siCuRDr/5HzDzATjVWf6AGxdpq
dWthvIQFHPlLUryUttcjFNVxLW8CxGfkT7OhsTCNVKoDdrIipNq12ulC2EDO5yk4
Hl2d14XP8u1qQ2zY6greVHZhinYkSH+d8SpKFOkmHmeKk/DI/xvJ5YSStFxtfGay
Nv/DGhx0gETTZ8zA++rpGmubXlREX64greEemjF7V4nXW9U1gkJoa9dCta81YQXn
XP76+/SEPWU=GwKJ
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Red Hat Security Advisory 2020-2816-01

Red Hat Security Advisory 2020-2816-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2020-2816-01

Share This

Red Hat Security Advisory 2020-2816-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems