Exploit/Advisories no image

Published on March 3rd, 2023 📆 | 2196 Views ⚑

0

Red Hat Security Advisory 2023-1043-01 – Torchsec


Powered by iSpeech

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7
Advisory ID: RHSA-2023:1043-01
Product: Red Hat Single Sign-On
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1043
Issue date: 2023-03-01
CVE Names: CVE-2018-14040 CVE-2018-14042 CVE-2019-11358
CVE-2020-11022 CVE-2020-11023 CVE-2021-35065
CVE-2021-44906 CVE-2022-1274 CVE-2022-1438
CVE-2022-1471 CVE-2022-2764 CVE-2022-3782
CVE-2022-3916 CVE-2022-4137 CVE-2022-24785
CVE-2022-25857 CVE-2022-31129 CVE-2022-37603
CVE-2022-38749 CVE-2022-38750 CVE-2022-38751
CVE-2022-40149 CVE-2022-40150 CVE-2022-42003
CVE-2022-42004 CVE-2022-45047 CVE-2022-45693
CVE-2022-46175 CVE-2022-46363 CVE-2022-46364
CVE-2023-0091 CVE-2023-0264
====================================================================
1. Summary:

New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Single Sign-On 7.6 for RHEL 7 Server - noarch

3. Description:

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.2 on RHEL 7 serves as a
replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and
enhancements, which are documented in the Release Notes document linked to
in the References.

Security Fix(es):

* keycloak: XSS on impersonation under specific circumstances
(CVE-2022-1438)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK
forever for EJB invocations (CVE-2022-2764)
* snakeyaml: Denial of Service due to missing nested depth limitation for
collections (CVE-2022-25857)
* loader-utils: loader-utils:Regular expression denial of service
(CVE-2022-37603)
* keycloak: Session takeover with OIDC offline refreshtokens
(CVE-2022-3916)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* snakeyaml: Uncaught exception in
org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in
java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in
org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
(CVE-2022-38750)
* keycloak: Client Registration endpoint does not check token revocation
(CVE-2023-0091)
* keycloak: glob-parent: Regular Expression Denial of Service
(CVE-2021-35065)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* keycloak: keycloak: user impersonation via stolen uuid code
(CVE-2023-0264)
* snakeyaml: Constructor Deserialization Remote Code Execution
(CVE-2022-1471)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the
data-container property of tooltip (CVE-2018-14042)
* jettison: If the value in map is the map's self, the new new
JSONObject(map) cause StackOverflowError which may lead to dos
(CVE-2022-45693)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability
(CVE-2022-45047)
* jettison: memory exhaustion via user-supplied XML or JSON data
(CVE-2022-40150)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt
UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter
method (CVE-2020-11022)
* jquery: Passing HTML containing

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:





https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
2031904 - CVE-2022-1438 keycloak: XSS on impersonation under specific circumstances
2066009 - CVE-2021-44906 minimist: prototype pollution
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2073157 - CVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections
2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
2129707 - CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
2129709 - CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data
2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow
2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding
2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens
2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability
2148496 - CVE-2022-4137 keycloak: reflected XSS attack
2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution
2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos
2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method
2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service
2158585 - CVE-2023-0091 keycloak: Client Registration endpoint does not check token revocation
2160585 - CVE-2023-0264 keycloak: user impersonation via stolen uuid code

6. Package List:

Red Hat Single Sign-On 7.6 for RHEL 7 Server:

Source:
rh-sso7-keycloak-18.0.6-1.redhat_00001.1.el7sso.src.rpm

noarch:
rh-sso7-keycloak-18.0.6-1.redhat_00001.1.el7sso.noarch.rpm
rh-sso7-keycloak-server-18.0.6-1.redhat_00001.1.el7sso.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-14040
https://access.redhat.com/security/cve/CVE-2018-14042
https://access.redhat.com/security/cve/CVE-2019-11358
https://access.redhat.com/security/cve/CVE-2020-11022
https://access.redhat.com/security/cve/CVE-2020-11023
https://access.redhat.com/security/cve/CVE-2021-35065
https://access.redhat.com/security/cve/CVE-2021-44906
https://access.redhat.com/security/cve/CVE-2022-1274
https://access.redhat.com/security/cve/CVE-2022-1438
https://access.redhat.com/security/cve/CVE-2022-1471
https://access.redhat.com/security/cve/CVE-2022-2764
https://access.redhat.com/security/cve/CVE-2022-3782
https://access.redhat.com/security/cve/CVE-2022-3916
https://access.redhat.com/security/cve/CVE-2022-4137
https://access.redhat.com/security/cve/CVE-2022-24785
https://access.redhat.com/security/cve/CVE-2022-25857
https://access.redhat.com/security/cve/CVE-2022-31129
https://access.redhat.com/security/cve/CVE-2022-37603
https://access.redhat.com/security/cve/CVE-2022-38749
https://access.redhat.com/security/cve/CVE-2022-38750
https://access.redhat.com/security/cve/CVE-2022-38751
https://access.redhat.com/security/cve/CVE-2022-40149
https://access.redhat.com/security/cve/CVE-2022-40150
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
https://access.redhat.com/security/cve/CVE-2022-45047
https://access.redhat.com/security/cve/CVE-2022-45693
https://access.redhat.com/security/cve/CVE-2022-46175
https://access.redhat.com/security/cve/CVE-2022-46363
https://access.redhat.com/security/cve/CVE-2022-46364
https://access.redhat.com/security/cve/CVE-2023-0091
https://access.redhat.com/security/cve/CVE-2023-0264
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY//tzdzjgjWX9erEAQjGMw/9GShlhYmARmIYkF6eFGRo0n8BIl/HX9k6
08JQiGiM3xVfNNDaX5mbrUKmd2On7WLk9mbyc+reGvaVkIlZ44EQKLoEeqcDt1To
FA6QPakKUvsQoORKkYepFGayDWkflEiJyikRTDMRh/G2YVGR5Gid0V8Gmzg6CxNI
EezeskMdxZ229p3EmmJagzOCI3zL7xMxiTgoKpQ2EIcrHW/dkJcRMnYiPc1YsEpy
5sQJzN/+rQx6YKfk2gnBnjDOCJj5t7Zi+NadBLweVbhaXCUoRVn1ZNQ2mHL0IIGE
KE0PuQR5WzDTr8aYjo9PYuODWn2MTMEc6oVVQOvyMniPDqMhlLGlZ737EPSVx9nc
mJlakkCbD1k4jJyVTt+njlmrDbtlPKjLthrZ6ObUzzn9B19HaTj9ZjddAExn2oCl
IgI1ebhzw/W6Qmtt710YXv4C9qnip1y54OAZY1lw14ieyezTAevkqgRxb0Hx+9JW
OauavHhVd5En39l88jGcOhoF1uMx+UIj8pfT+HioTLIphy30wuzt3TimicNLvVhP
GvrRTP0BnJgUGe+P9F9/6ijlshjFBkcT42a56YvYtBJty3sbs6K59pZVxQEJjElV
acmzN3b6CmDgmPmz0Z2BJ9PBa/tM7sQHgqdjZG6e2FGsCj+JYFdmSrmaIz2BMsZz
ySQlGPdAbwU=il0D
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source link

Tagged with:



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑