keycloak-httpd-client-install-0.8-1.el7
エラータID: AXSA:2019-4175:01
The keycloak-httpd-client-install packages provide various libraries and tools that can automate and simplify the configuration of Apache httpd authentication modules when registering as a Asianux Single Sign-On (RH-SSO, also called Keycloak) federated Identity Provider (IdP) client.
The following packages have been upgraded to a later upstream version: keycloak-httpd-client-install (0.8). (BZ#1673716)
Security Fix(es):
* keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py (CVE-2017-15111)
* keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line (CVE-2017-15112)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2017-15111
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.
CVE-2017-15112
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
Update packages.
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
N/A
SRPMS
- keycloak-httpd-client-install-0.8-1.el7.src.rpm
MD5: b26cd03702ea5a3150ee2d933ebe167a
SHA-256: 6ee8468435f73749100d100ce89d9068faa3d4ab94fc242deda4b3b8f3447713
Size: 46.83 kB
Asianux Server 7 for x86_64
- keycloak-httpd-client-install-0.8-1.el7.noarch.rpm
MD5: f670485bfd662dc1d19029c7ecfa0320
SHA-256: 2ebd5282036fd7e4719e17e6ea3025c4be0336413db907cd6f5c1585018aec5b
Size: 18.56 kB - python2-keycloak-httpd-client-install-0.8-1.el7.noarch.rpm
MD5: 6a88cd509f1cfae6d32c4e34e674bdda
SHA-256: 6051d41ae6ec0ca91b48a72ced2fddb21c65b259cdede01437a11df8ae7c1b30
Size: 36.45 kB