RedHat: RHSA-2020-0952:01 Critical: Red Hat Single Sign-On 7.3.7 security

    Date: 23 Mar 2020
    Posted By: LinuxSecurity Advisories
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Critical: Red Hat Single Sign-On 7.3.7 security update
    Advisory ID:       RHSA-2020:0952-01
    Product:           Red Hat Single Sign-On
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0952
    Issue date:        2020-03-23
    CVE Names:         CVE-2020-1745 
    =====================================================================
    
    1. Summary:
    
    A security update is now available for Red Hat Single Sign-On 7.3 from the
    Customer Portal.
    
    Red Hat Product Security has rated this update as having a security impact
    of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak
    project, that provides authentication and standards-based single sign-on
    capabilities for web and mobile applications.
    
    This asynchronous patch is a security update for the Undertow package in
    Red Hat Single Sign-On 7.3.7. 
    
    Security Fix(es):
    
    * undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, and other related information, refer to the CVE page(s) listed in
    the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing installation, including
    all applications, configuration files, databases and database settings, and
    so on.
    
    The References section of this erratum contains a download link (you must
    log in to download the update).
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2020-1745
    https://access.redhat.com/security/updates/classification/#critical
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.3
    https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
