Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update
🔗 CVE IDs covered (11)
📋 Description
CVE-2020-36518 — jackson-databind: denial of service via a large depth of nested objects CVE-2021-42392 — h2: Remote Code Execution in Console CVE-2021-42575 — owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution CVE-2021-43797 — netty: control chars in header names may lead to HTTP request smuggling CVE-2022-0084 — xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr CVE-2022-0225 — keycloak: Stored XSS in groups dropdown CVE-2022-0853 — jboss-client: memory leakage in remote client transaction CVE-2022-0866 — wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled CVE-2022-1319 — undertow: Double AJP response for 400 from EAP 7 results in CPING failures CVE-2022-2668 — keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console CVE-2022-23913 — artemis-commons: Apache ActiveMQ Artemis DoS
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2022:7417
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2031958
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2039403
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2040268
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2060929
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064226
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064698
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2115392
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7417.json