RHSA-2023:4920: Important: Red Hat Single Sign-On 7.6.5 security update on RHEL 9
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.5 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
— Red Hat
Frequently Asked Questions
What is the severity of RHSA-2023:4920?
The severity of RHSA-2023:4920 is high (severity value: 7).
How do I fix RHSA-2023:4920?
To fix RHSA-2023:4920, you need to update Red Hat Single Sign-On to version 18.0.9-1.redhat_00001.1.el9 or later.
Which software is affected by RHSA-2023:4920?
RHSA-2023:4920 affects Red Hat Single Sign-On 7.6.5 on RHEL 9.
Where can I find more information about RHSA-2023:4920?
You can find more information about RHSA-2023:4920 on the Red Hat website at the following link: [RHSA-2023:4920](https://access.redhat.com/errata/RHSA-2023:4920).