RHSA-2023:4918: Important: Red Hat Single Sign-On 7.6.5 security update on RHEL 7
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
— Red Hat
Frequently Asked Questions
What is the severity of RHSA-2023:4918?
The severity of RHSA-2023:4918 is high.
What is the affected software for RHSA-2023:4918?
The affected software for RHSA-2023:4918 is Red Hat Single Sign-On 7.6.5 on RHEL 7.
How do I fix RHSA-2023:4918?
To fix RHSA-2023:4918, update the affected software to version 18.0.9-1.redhat_00001.1.el7 or later.
Are there any references for RHSA-2023:4918?
Yes, you can find more information about RHSA-2023:4918 at the following URLs: [1] https://bugzilla.redhat.com/show_bug.cgi?id=2182788, [2] https://bugzilla.redhat.com/show_bug.cgi?id=2185707, [3] https://bugzilla.redhat.com/show_bug.cgi?id=2209689.