=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Single Sign-On 7.4.8 security update
Advisory ID:       RHSA-2021:2965-01
Product:           Red Hat Single Sign-On
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2965
Issue date:        2021-07-29
CVE Names:         CVE-2021-3536 CVE-2021-21409
=====================================================================

1. Summary:

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.4.8 serves as a replacement for Red Hat Single Sign-On 7.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* netty: Request smuggling via content-length header (CVE-2021-21409)

* wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode

5. References:

https://access.redhat.com/security/cve/CVE-2021-3536
https://access.redhat.com/security/cve/CVE-2021-21409
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.4
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce