Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
98
security advisorypackage updatesRed Hat VirtualizationRedHat Virtualization 4.4 Update: RHSA-2021-2866-01 Low Security Advisory
Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: RHV Engine and Host Common Packages security update [ovirt-4.4.7] Advisory ID: RHSA-2021:2866-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:2866 Issue date: 2021-07-22 CVE Names: CVE-2021-3447 ==================================================================== 1. Summary: Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch, x86_64 Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch, ppc64le, x86_64 Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8 - noarch, ppc64le, x86_64 3. Description: The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine. Security Fix(es): * ansible: multiple modules expose securedvalues (CVE-2021-3447) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Previously, using an Ansible playbook to fetch virtual machine disk information was slow and incomplete, while the REST API fetched the information faster and more completely. In this release, the Ansible playbook fetches the information completely and quickly. (BZ#1947902) * The ovirt-engine in RHV 4.4.7 requires an Ansible 2.9.z version later than Ansible 2.9.20. In addition, in RHV 4.4.7 the version limitation for a specific Ansible version has been removed, the correct Ansible version is now shipped in the RHV subscription channels. (BZ#1966145) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values 1947902 - ansible modules for gathering VM information are incomplete and very slow 1953029 - HE deployment fails on "Add lines to answerfile" 1966145 - Remove version lock on specific ansible version and require ansible 2.9.z > = 2.9.21 in ovirt-engine 1969855 - [RFE] Update ovirt_vm module to allow setting multiple hosts for PlacementPolicy when affinity is "pinned" 6. Package List: Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux8: Source: ovirt-ansible-collection-1.5.3-1.el8ev.src.rpm python-ovirt-engine-sdk4-4.4.13-1.el8ev.src.rpm noarch: ovirt-ansible-collection-1.5.3-1.el8ev.noarch.rpm ppc64le: python-ovirt-engine-sdk4-debugsource-4.4.13-1.el8ev.ppc64le.rpm python3-ovirt-engine-sdk4-4.4.13-1.el8ev.ppc64le.rpm python3-ovirt-engine-sdk4-debuginfo-4.4.13-1.el8ev.ppc64le.rpm x86_64: python-ovirt-engine-sdk4-debugsource-4.4.13-1.el8ev.x86_64.rpm python3-ovirt-engine-sdk4-4.4.13-1.el8ev.x86_64.rpm python3-ovirt-engine-sdk4-debuginfo-4.4.13-1.el8ev.x86_64.rpm Red Hat Virtualization 4 Management Agent for RHEL 7Hosts: Source: ansible-2.9.21-1.el8ae.src.rpm ovirt-ansible-collection-1.5.3-1.el8ev.src.rpm ovirt-imageio-2.2.0-1.el8ev.src.rpm ovirt-openvswitch-2.11-1.el8ev.src.rpm python-ovirt-engine-sdk4-4.4.13-1.el8ev.src.rpm noarch: ansible-2.9.21-1.el8ae.noarch.rpm ovirt-ansible-collection-1.5.3-1.el8ev.noarch.rpm ovirt-openvswitch-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-devel-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-ovn-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-ovn-central-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-ovn-common-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-ovn-host-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-ovn-vtep-2.11-1.el8ev.noarch.rpm ovirt-python-openvswitch-2.11-1.el8ev.noarch.rpm ppc64le: ovirt-imageio-client-2.2.0-1.el8ev.ppc64le.rpm ovirt-imageio-common-2.2.0-1.el8ev.ppc64le.rpm ovirt-imageio-common-debuginfo-2.2.0-1.el8ev.ppc64le.rpm ovirt-imageio-daemon-2.2.0-1.el8ev.ppc64le.rpm ovirt-imageio-debugsource-2.2.0-1.el8ev.ppc64le.rpm python-ovirt-engine-sdk4-debugsource-4.4.13-1.el8ev.ppc64le.rpm python3-ovirt-engine-sdk4-4.4.13-1.el8ev.ppc64le.rpm python3-ovirt-engine-sdk4-debuginfo-4.4.13-1.el8ev.ppc64le.rpm x86_64: ovirt-imageio-client-2.2.0-1.el8ev.x86_64.rpm ovirt-imageio-common-2.2.0-1.el8ev.x86_64.rpm ovirt-imageio-common-debuginfo-2.2.0-1.el8ev.x86_64.rpm ovirt-imageio-daemon-2.2.0-1.el8ev.x86_64.rpm ovirt-imageio-debugsource-2.2.0-1.el8ev.x86_64.rpm python-ovirt-engine-sdk4-debugsource-4.4.13-1.el8ev.x86_64.rpm python3-ovirt-engine-sdk4-4.4.13-1.el8ev.x86_64.rpm python3-ovirt-engine-sdk4-debuginfo-4.4.13-1.el8ev.x86_64.rpm RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine4.4: Source: ansible-2.9.21-1.el8ae.src.rpm ovirt-ansible-collection-1.5.3-1.el8ev.src.rpm ovirt-imageio-2.2.0-1.el8ev.src.rpm ovirt-openvswitch-2.11-1.el8ev.src.rpm python-ovirt-engine-sdk4-4.4.13-1.el8ev.src.rpm noarch: ansible-2.9.21-1.el8ae.noarch.rpm ovirt-ansible-collection-1.5.3-1.el8ev.noarch.rpm ovirt-openvswitch-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-devel-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-ovn-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-ovn-central-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-ovn-common-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-ovn-host-2.11-1.el8ev.noarch.rpm ovirt-openvswitch-ovn-vtep-2.11-1.el8ev.noarch.rpm ovirt-python-openvswitch-2.11-1.el8ev.noarch.rpm x86_64: ovirt-imageio-client-2.2.0-1.el8ev.x86_64.rpm ovirt-imageio-common-2.2.0-1.el8ev.x86_64.rpm ovirt-imageio-common-debuginfo-2.2.0-1.el8ev.x86_64.rpm ovirt-imageio-daemon-2.2.0-1.el8ev.x86_64.rpm ovirt-imageio-debugsource-2.2.0-1.el8ev.x86_64.rpm python-ovirt-engine-sdk4-debugsource-4.4.13-1.el8ev.x86_64.rpm python3-ovirt-engine-sdk4-4.4.13-1.el8ev.x86_64.rpm python3-ovirt-engine-sdk4-debuginfo-4.4.13-1.el8ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3447 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYPmOhNzjgjWX9erEAQg1wA//eVn3P9Tel8qIW9LXr8BulFppx4O2dMrt klWjKAnoV2lHeZXmFcc5zg4ybNrYEpXafW4Z4aPQQWiAxB/V9BOEMJMQq3tPQ7pB LZtOkg9UJICItNafFZTlhiQGAq6fBwBEVKXND4trC6Z3wT/x1HBej7Ienvidsz87 8VWS4dnFKvxT1KUO57Lgql4f/JQHw4qdw/z/oJvChhUgNtrd91LK9tCcyQIk1KQp yVdnSNLyZJzauWzHIbA+8HoAIlhJ8u2oMvksSG6k2lBGMjVv5ant7Aq/hzQd/BaE r22NFGDQAjPlL0dfFTWK3PkJWoOnLQy6vgvJ+87Wuw+ZMqfD2ExpR6d7+Hnilh3G ntmJFmZLZPxo/N6OAYqDyccSEnRR5wAw/56trXZqcp9QYCcyhl0G5avya9sixtoE V6yk9l4OgpHJE8aKXfzhggi4rHzVGYAdyAi9mSJ7JrTSq1rR8NZ6oRycRLSB8lhN +1Ugzmil6rGWaHyCWMrcP0Yq85Q+Waob0vMwNoUDyLjlyIQsLtnoZaojRV/JcmAF OPcyyai/IT9rukEMFaIOtzP1TguWlTvW3OSTIvNQNHSop2tM/VsCdJAk7L3oAPD0 HK/vir62AXUaUbUenv+QEViXvkdgmh/9cbfYrcti1lFTnV6XYD/P3+pR3z+32bms Z8SXcaSkgiA=riU3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 22, 2021 •Low Red Hat 98
security advisorydenial of serviceupdateRed Hat Enterprise Linux 8: RHSA-2021-1924-01 Low Severity SPICE DoS
An update for spice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: spice security update Advisory ID: RHSA-2021:1924-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1924 Issue date: 2021-05-18 CVE Names: CVE-2021-20201 ==================================================================== 1. Summary: An update for spice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, x86_64 3. Description: The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. Security Fix(es): * spice: Client initiated renegotiation denial of service (CVE-2021-20201) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked fromthe References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All applications using SPICE (most notably all QEMU-KVM instances using the SPICE console) must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1904459 - CVE-2021-20201 spice: OpenSSL(TLS/SSL) Security DoS Vulnerability - enables client-initiated renegotiation [rhel-8] 1921846 - CVE-2021-20201 spice: Client initiated renegotiation denial of service 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: spice-0.14.3-4.el8.src.rpm aarch64: spice-debugsource-0.14.3-4.el8.aarch64.rpm spice-server-0.14.3-4.el8.aarch64.rpm spice-server-debuginfo-0.14.3-4.el8.aarch64.rpm x86_64: spice-debugsource-0.14.3-4.el8.i686.rpm spice-debugsource-0.14.3-4.el8.x86_64.rpm spice-server-0.14.3-4.el8.i686.rpm spice-server-0.14.3-4.el8.x86_64.rpm spice-server-debuginfo-0.14.3-4.el8.i686.rpm spice-server-debuginfo-0.14.3-4.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: spice-debugsource-0.14.3-4.el8.aarch64.rpm spice-server-debuginfo-0.14.3-4.el8.aarch64.rpm spice-server-devel-0.14.3-4.el8.aarch64.rpm x86_64: spice-debugsource-0.14.3-4.el8.i686.rpm spice-debugsource-0.14.3-4.el8.x86_64.rpm spice-server-debuginfo-0.14.3-4.el8.i686.rpm spice-server-debuginfo-0.14.3-4.el8.x86_64.rpm spice-server-devel-0.14.3-4.el8.i686.rpm spice-server-devel-0.14.3-4.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-20201 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/ 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYKPx3NzjgjWX9erEAQjYvA//bld93FtB1ykwtluP6/BxsvwxV1BmleZm istENZ0E2Lb8vOf5ud8mW0TROSeh9RZ1KuwIGAhzzSQyLivKLU1WI16tGEDGb2PO abx49BNyjFh8jHbwvvLK9Zdi7l4evw6WUk8QBsN74hZwkKd713emSPyRgo1Mo06w pq41yay+Xxp4fqGsjsbeLm3X+0vFEg5mu9fHTgUl6WET7oR/gWanhMyDgYw6cot8 r/Kt/fUVl+xoi38vxFR5DNEs9YuQg4QtZbdVpiPjEISLW32JnFsfCt50Xx9YZbJw 2gAUA1oQCmvaORyP9ibwdhWtNiNzIzm4I9sOyaGRIqg6C6RQ2FnN7FpQzEAtFIdU eLp3KKm2iaWbSuqMrCv6kl9PqGdyC/CFwPbvjv48j47fFuWtx8zmbUsio7lw0UcQ U0JmhzyeOunPcX0ep9y5mo0805sXhi9LXxMskOzXa3kVNlEDoxz/TbrrsDdh6FZw dYyPfCXVgYQ/7ocCwZnLxSA3VMiYIdrl6rH1V4/X5rRDgHzM3m3R0ZFGjHoUOTYw X+PHzlejexTaVFOqehbg0WTM8ewS8mc8jhbetR2qvf0iVcZKAhEQTeqkdSBNUMn2 xwdLQs0aVlLVyUuyHGDTt7OnADWjLxXCCcjBY1DvAgvMmieA4tzFaPvoIwIeqWwh 8cVduqBcB/o=fg20 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 18, 2021 •Low Red Hat 
98
security advisoryRed HatCVE issueRedHat: RHSA-2019-3942-01 Low: OpenShift 4.1.24 Kubernetes Update
An update for openshift is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which . -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: OpenShift Container Platform 4.1.24 openshift security update Advisory ID: RHSA-2019:3942-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2019:3942 Issue date: 2019-11-21 CVE Names: CVE-2019-11244 ==================================================================== 1. Summary: An update for openshift is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.1 - x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift container images for Red Hat OpenShift Container Platform 4.1.24. Security Fix(es): * A flaw was found in kubectl that leaves http-cache files with read/write permissions for any user. In conjunction with a non-default value for - --cache-dir, this could lead to the cache content being placed in a location accessible to other users in the system. (CVE-2019-11244) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the Referencessection. 4. Solution: For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.24, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.redhat.com/en/documentation/openshift_container_platform/4.1/html/release_notes/ocp-4-1-release-notes 5. Bugs fixed (https://bugzilla.redhat.com/): 1703209 - CVE-2019-11244 kubernetes: Schema info written with world-writeable permissions when cached 6. Package List: Red Hat OpenShift Container Platform 4.1: Source: openshift-4.1.24-201911080309.git.0.c41acf2.el7.src.rpm x86_64: openshift-clients-4.1.24-201911080309.git.0.c41acf2.el7.x86_64.rpm openshift-clients-redistributable-4.1.24-201911080309.git.0.c41acf2.el7.x86_64.rpm openshift-hyperkube-4.1.24-201911080309.git.0.c41acf2.el7.x86_64.rpm Red Hat OpenShift Container Platform 4.1: Source: openshift-4.1.24-201911080309.git.0.c41acf2.el8.src.rpm x86_64: openshift-clients-4.1.24-201911080309.git.0.c41acf2.el8.x86_64.rpm openshift-clients-redistributable-4.1.24-201911080309.git.0.c41acf2.el8.x86_64.rpm openshift-hyperkube-4.1.24-201911080309.git.0.c41acf2.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-11244 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE-----Version: GnuPGv1 iQIVAwUBXdZhjtzjgjWX9erEAQi88Q/+KdbP/T9/YBcDT12bS31wVQpFeFzfq+4E SrGT1mp+eFwj7O5A1Ix5FYwrbPg3s/n+9TXPV/nEjKlIEgGJgxi+vCLV6SMGDQCL XE+Wa0g6t3qOTdnEGOpgNpkfGAPeQ6W40Bsywimon3juUydeaNp1bSHEcA1jNOUr eQOgDauM27cyZYF5fuZe3TmymOMhGMNIQNFdoJngnnNHQPoHsep3bgTtc2Zjos9Q NRWG2MSZKctBZVKKpneb8WOaXCqoSGWa4xye5e7DPV6mKN+EqPPHzP6mkQXanRlP PB5vYJkUABt3rhUlREPUKif6rqv6zqD4lZq+C2VagAk+4H/TDX+xj6ZFj9IsEQmT z2DnpPezfWCSn2/M3Qb0d3yYRlqFgc2Xpdsi5G7cMUca2Xw9fUD1Yil1m5g3KY0e ZdRbdykUcsbEmAs08lrx70lA48onabh6tJU8cWDjDbxecdSGz2YDxt1CkwVWgyMz KJw4fiHUWnZHKfXSUODx3LG1yCTQVFMWahgIa4tGyFQeACwLHxVvqqfZgxANruAH LicoM4qnZ3bK+7UIzWE+9GP2U24KRq5Y5XRcu45ETDcpq7DRfkNMyiYOHnvdPEqy lRP64EE/Lp04DCKvI7f1f24KnEyrLT/n0Fp1+o6vEXFE8A3U1Te4qBsHsLlRK5vU mLemrNYFkSo=YlMd -----END PGP SIGNATURE-------RHSA-announce mailing list
Nov 21, 2019 •Low Red Hat 98
security advisoryRed Hatsoftware updateRed Hat JBoss EAP Advisory RHSA-2019-3048 with Low Severity Alert
Red Hat Single Sign-On 7.3.4 adapters are now available for Red Hat JBoss Enterprise Application Platform 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: RH-SSO 7.3.4 adapters for Enterprise Application Platform 6 security update Advisory ID: RHSA-2019:3048-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2019:3048 Issue date: 2019-10-14 CVE Names: CVE-2019-14820 ==================================================================== 1. Summary: Red Hat Single Sign-On 7.3.4 adapters are now available for Red Hat JBoss Enterprise Application Platform 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server - noarch Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch 3. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. These packages provide security updates to adapters for use with Red Hat Single Sign-On 7.3.4 for Red Hat JBoss Enterprise Application Platform 6. Security Fix(es): * keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4.Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 6. Package List: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server: Source: keycloak-adapter-sso7_3-eap6-4.8.13-1.Final_redhat_00001.1.ep6.el6.src.rpm noarch: keycloak-adapter-sso7_3-eap6-4.8.13-1.Final_redhat_00001.1.ep6.el6.noarch.rpm keycloak-saml-adapter-sso7_3-eap6-4.8.13-1.Final_redhat_00001.1.ep6.el6.noarch.rpm Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server: Source: keycloak-adapter-sso7_3-eap6-4.8.13-1.Final_redhat_00001.1.ep6.el7.src.rpm noarch: keycloak-adapter-sso7_3-eap6-4.8.13-1.Final_redhat_00001.1.ep6.el7.noarch.rpm keycloak-saml-adapter-sso7_3-eap6-4.8.13-1.Final_redhat_00001.1.ep6.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-14820 https://access.redhat.com/security/updates/classification#low https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.3 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXaS/Z9zjgjWX9erEAQjtxw/7Bu6V42F7CXOxFRl233Y/Rj2XmifdzDMh JLY9Ir36eivJFz3F/fScPfgxR3H5hZaAqW7N8piZbcH3fEgi7aNbr+AXxIIpeU3w 2hQa6nIDYqDRyeE4KKIzdqCW+ktaD+TdgzbhpPr8qLP6IVrLxiOc2WFFki5HG9+K cTuC7rszXrDSsQdVR/0+ItRlCVmd529m6vR+BNJeccUvfutk+hXZGPEUFKIp1Rkq sjMf79ILS0m5wLTLhX22HIgutPpipGs3EhKWI9JKsfX4GnIML2XSK1mnWqrVklEj IGwFjQKvnMjWBllvp5jJsg1zih9VyqZXx2xcu0npbt8n2Msahvd3pw/i0PIaeATY RLogpAFS+vohCQvBTdFPDHuShMaQx4drh+FJMa5XWDsAMGQl2rj7S2pAfVyVMETm g55sJ9Kk4qSfmwWwbk5Mrf8XK5bE2oQGmLDFNFa7UAL5nfxpnA4Uy+i6ifYH6Dsz bqhZICefzFxC9wc+0Gdmn5SxoA6M/IWt5KxffIvfuChPNnjYCAbs8ephU2lMQWIZ PHpFtUj7PSM6muwMqtsTzA4H+ocbTW+TP6f4Oz3uaFVHHZ20NrW01/QSolEH9IEE ud5H7Ga42CB5Ur+h92fUy0Ls9zqDbG/G4FhBkHfcG2yCkZWJ8IvCl7JuIk9m6nsB TPC9+ysTqVM=tjAM -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 14, 2019 •Low Red Hat 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!