RHSA-2020:5533: Important: Red Hat Single Sign-On 7.4.4 security update
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.4.4 serves as a replacement for Red Hat Single Sign-On 7.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es): redhat-sso-7-openshift-containers: /etc/passwd is given incorrect privileges (CVE-2020-10695) hibernate-core: SQL injection vulnerability when both hibernate.usesqlcomments and JPQL String literals are used (CVE-2020-25638) jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649) keycloak: Account REST API can update user metadata attributes (CVE-2020-27826) keycloak-nodejs-connect: nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:5533?
The severity of RHSA-2020:5533 is classified as moderate.
How do I fix RHSA-2020:5533?
To fix RHSA-2020:5533, upgrade to Red Hat Single Sign-On version 7.4.4 or later.
What versions of Red Hat Single Sign-On are affected by RHSA-2020:5533?
RHSA-2020:5533 affects Red Hat Single Sign-On versions prior to 7.4.4.
What are the potential impacts of RHSA-2020:5533?
The potential impacts of RHSA-2020:5533 include security vulnerabilities that may allow unauthorized access.
Is there a workaround for RHSA-2020:5533?
There are no known workarounds for RHSA-2020:5533; upgrading is the recommended solution.