-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Single Sign-On security update on RHEL 8 Advisory ID: RHSA-2021:5219-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2021:5219 Issue date: 2021-12-20 CVE Names: CVE-2021-4133 ==================================================================== 1. Summary: A security update is now available for Red Hat Single Sign-On 7.5 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.4 for RHEL 8 - noarch 3. Description: Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This is an asynchronous patch for Red Hat Single Sign-On 7.5, and includes one security fix. Security Fix: * keycloak: Incorrect authorization allows unpriviledged users to create other users (CVE-2021-4133) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2033602 - CVE-2021-4133 Keycloak: Incorrect authorization allows unpriviledged users to create other users 6. Package List: Red Hat Single Sign-On 7.4 for RHEL 8: Source: rh-sso7-keycloak-15.0.2-3.redhat_00002.1.el8sso.src.rpm noarch: rh-sso7-keycloak-15.0.2-3.redhat_00002.1.el8sso.noarch.rpm rh-sso7-keycloak-server-15.0.2-3.redhat_00002.1.el8sso.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-4133 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYcDdsdzjgjWX9erEAQjCjA/+KIlIiMbC0ZFeoMKgl1YChugum1oQWWIc Nym8fZN9rU6k0Py/Xp8tTHKpFo0rF1IhgnzvkmaU3VeIHL2yxxpoSjzKpZKy+pgV 7+W2850a5ygG6egZtige+RB6mpWZlyEuaXr2SBhX3f2CXgG42vIqu5jeKqn6kyBG Zt6F+EG/i2ABmNuAOeL5Rpvb4ihEIlqsTcaYsQb4HtM7ozBoxXQB4LE1HS9KQZWh 5eMlpnRauWklAIIE2X72Vt7gjjbatmxmi/BHNeWige7iKtsHZzIAyoZOJ8TRgK2k EqdtRVmcRKRwu64wa6aL1ry8BXbyIs0jgRTwNx09tqHwWjtJkr9w+C/bvNhQXaMU Gz4oRws8kgQcMiCAkM9eAam8PnuD84b0EPvZI4YwLi9/PZ6P4/1Oz4+imas7uP67 G1QRKhjjxdXgwqrH8rv8FdTtIkNrPpUG0Ebxz/fTpshVkzIKxU19oOIs9T3G3shF FVNQBUSaffk6fKIX66cfoIiz6FNjCzPjTRqkPAhIzekISvZE+jt6UOD34aJqp9ku cMhp3LbK2uAYOkKlHWe6RNIhYDnliCNyP8K/dNNtgeW7sgSp7BnJ/5QPuzgkkr26 l9xiPN6W/h2vAVNwYImYSUSQ5Wi/pT9+VYTd9kOgZxkylLalvQYhwPT7KAfAN3lO /CI0iyhfwR0=RdiR -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce