Scientific Linux SL7: SLSA-2019-2137-1 Low: Keycloak-Httpd Security Flaws

keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py (CVE-2017-15111) * keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line (CVE-2017-15112) SL7 x86_64 python2-keycloak-httpd-client-install-0.8-1.el7.noarch.rpm keycloak-httpd-client-install-0.8-1.el7.noarch.rpm noarch keycloak-httpd-client-install-0.8-1.el7.n [More...]

Synopsis: Low: keycloak-httpd-client-install security, bug fix, and 
Advisory ID:       SLSA-2019:2137-1
Issue Date:        2019-08-06
CVE Numbers:       CVE-2017-15112
                   CVE-2017-15111
--

Security Fix(es):

* keycloak-httpd-client-install: unsafe /tmp log file in --log-file option
in keycloak_cli.py (CVE-2017-15111)

* keycloak-httpd-client-install: unsafe use of -p/--admin-password on
command line (CVE-2017-15112)
--

SL7
  x86_64
    python2-keycloak-httpd-client-install-0.8-1.el7.noarch.rpm
    keycloak-httpd-client-install-0.8-1.el7.noarch.rpm
  noarch
    keycloak-httpd-client-install-0.8-1.el7.noarch.rpm
    python2-keycloak-httpd-client-install-0.8-1.el7.noarch.rpm

- Scientific Linux Development Team