RedHat: RHSA-2022-1711:01 Moderate: Red Hat Single Sign-On 7.5.2 se...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Single Sign-On 7.5.2 security update on RHEL 7
Advisory ID:       RHSA-2022:1711-01
Product:           Red Hat Single Sign-On
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1711
Issue date:        2022-05-04
CVE Names:         CVE-2022-1245 
=====================================================================

1. Summary:

New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Single Sign-On 7.5 for RHEL 7 Server - noarch

3. Description:

Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.5.2 on RHEL 7 serves as a security
patch for Red Hat Single Sign-On 7.5.2, and includes bug fixes and
enhancements, which are documented in the Release Notes document linked to
in the References.

Security Fix(es):

* keycloak: Privilege escalation vulnerability on Token Exchange
(CVE-2022-1245)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2071036 - CVE-2022-1245 keycloak: Privilege escalation vulnerability on Token Exchange

6. JIRA issues fixed (https://issues.jboss.org/):

CIAM-2832 - RPM build

7. Package List:

Red Hat Single Sign-On 7.5 for RHEL 7 Server:

Source:
rh-sso7-keycloak-15.0.6-1.redhat_00002.1.el7sso.src.rpm

noarch:
rh-sso7-keycloak-15.0.6-1.redhat_00002.1.el7sso.noarch.rpm
rh-sso7-keycloak-server-15.0.6-1.redhat_00002.1.el7sso.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2022-1245
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/cve/cve-2022-12454
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html/release_notes/index
https://access.redhat.com/articles/11258

9. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYnKnF9zjgjWX9erEAQj0vxAAmgfOHAfUU/eNL3fDVan+AwK/MIGYgJRM
OLj4OTDOfo3+wdRKnSscz2iPUqhMAxvI4l9drhUekr+GLpGfbExZzFlZthkBkZGq
CgVURwLA4MLgGoVD7CepgJhQ1s3/RiI0GyZnnSne3WlxZtTQyg5CD1drLUNSGeJe
M3t7aHXfJMn5PRZq+5TOk6XfFn/uJcjkekLcCFC2mjGpcp1uiuGX0hQJ9RRwgusq
g3RXzd7CQqQAVQMAow4R5bAhN0m0GkgYsxKRKTXXOAlrQLM5pyYWKYvtSySZ03mU
Qaqi46FJgPjvt6GhltwDVAeVE9CdofZRo8+4CaSfUXqzxT6MOva2xDqkjShJMaNA
1l6N9juVSd5n2vFw4ZaIlEupt/AB7wl7rgZEUivd0E19rauuQljLJLMcCanEnzMb
ISma6+A8SmDL6RRoC96HIFehxb9Bb3/uotwjvYD7ejkhdwcg5hMQUXET3MemoW/Q
0lIfHSTPUgufcElxmv6HqhD4bPA0ReYH4e2V73EeGKZqqJtdxEGayP4UNTnnwywE
+dhmzKEmVf2aJom9TBevr7Yt/B0kkTSzkxWuX/u6/usWy9ArHUKUQTY5Z2FhbXAA
9XjF6ZdOy2soAoq90EABzJvSjSjATRMYytIKAtXI5TrDIgLTZnUb4lP5vMgFloy5
0ZplXbEDchg=
=3Du6
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-1711:01 Moderate: Red Hat Single Sign-On 7.5.2 security

New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat Enterprise Linux 7

Summary

Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.5.2 on RHEL 7 serves as a security patch for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: Privilege escalation vulnerability on Token Exchange (CVE-2022-1245)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2022-1245 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/cve/cve-2022-12454 https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html/release_notes/index https://access.redhat.com/articles/11258

Package List

Red Hat Single Sign-On 7.5 for RHEL 7 Server:
Source: rh-sso7-keycloak-15.0.6-1.redhat_00002.1.el7sso.src.rpm
noarch: rh-sso7-keycloak-15.0.6-1.redhat_00002.1.el7sso.noarch.rpm rh-sso7-keycloak-server-15.0.6-1.redhat_00002.1.el7sso.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity
Advisory ID: RHSA-2022:1711-01
Product: Red Hat Single Sign-On
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1711
Issued Date: : 2022-05-04
CVE Names: CVE-2022-1245

Topic

New Red Hat Single Sign-On 7.5.2 packages are now available for Red HatEnterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Single Sign-On 7.5 for RHEL 7 Server - noarch

Bugs Fixed

2071036 - CVE-2022-1245 keycloak: Privilege escalation vulnerability on Token Exchange

6. JIRA issues fixed (https://issues.jboss.org/):

CIAM-2832 - RPM build

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.