Red Hat Security Advisory: Red Hat Single Sign-On 7.3.6 security update
🔗 CVE IDs covered (13)
📋 Description
CVE-2019-10173 — xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) CVE-2019-10219 — hibernate-validator: safeHTML validator allows XSS CVE-2019-14540 — jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig CVE-2019-14888 — undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS CVE-2019-14892 — jackson-databind: Serialization gadgets in classes of the commons-configuration package CVE-2019-14893 — jackson-databind: Serialization gadgets in classes of the xalan package CVE-2019-16335 — jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource CVE-2019-16869 — netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers CVE-2019-16942 — jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* CVE-2019-16943 — jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource CVE-2019-17267 — jackson-databind: Serialization gadgets in classes of the ehcache package CVE-2019-17531 — jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* CVE-2020-1697 — keycloak: stored XSS in client settings via application links
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2020:0445
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1722971
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1738673
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1755831
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1755849
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758167
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758171
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758182
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758187
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758191
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1758619
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1775293
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0445.json