-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Single Sign-On 7.5.0 security update on RHEL 7 Advisory ID: RHSA-2021:5218-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2021:5218 Issue date: 2021-12-20 CVE Names: CVE-2021-4133 ==================================================================== 1. Summary: A security update is now available for Red Hat Single Sign-On 7.5 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.5 for RHEL 7 Server - noarch 3. Description: Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This is an asynchronous patch for Red Hat Single Sign-On 7.5, and includes one security fix. Security Fix: * keycloak: Incorrect authorization allows unpriviledged users to create other users (CVE-2021-4133) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2033602 - CVE-2021-4133 Keycloak: Incorrect authorization allows unpriviledged users to create other users 6. Package List: Red Hat Single Sign-On 7.5 for RHEL 7 Server: Source: rh-sso7-keycloak-15.0.2-3.redhat_00002.1.el7sso.src.rpm noarch: rh-sso7-keycloak-15.0.2-3.redhat_00002.1.el7sso.noarch.rpm rh-sso7-keycloak-server-15.0.2-3.redhat_00002.1.el7sso.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-4133 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYcDd1NzjgjWX9erEAQjJ7Q/9Enyhqs2NyXmcTM4/eMCoNv4OXVMME4mz bqWaoAHyBuQPi1BehZBNiKvK/BTptH88IElGb0xZ79yE8gtR+3V4RiAzJDD6gKAi moKYbCHw/C8Cs7OAXDomP7bOaL6X5RO9C3f9kA3DVRP1OJadpqV015atYhT04/+Y Eg7ffmzB+4cH5JyEF1rEuBZEg9IoEdQPMTDMQWtelIikfLlHJD0W887zd7CPblHi eyNHTg8ix/GwS/UpccqFE1v1xEQ3e4+IFXnv0OwJQ/qTnLiliaGqrV6mjZfOOR6t YQobVM8DkoPUZ+BbMlu3I7T0IuQEN8Tj56RrGRT17jjABGBV9MIhuQgd8/SVn/J/ vOiE+BheZREkCYPFd14bVyyGhobt923fZNjfpTqDPNHr2nTBPGuXsHXnJmBPx7s6 gFry3mI3LuxD5fKJl4TJWhTrdUwDO1MybKzih1G3erOpGM9ap9W2U7hBE961l8Wo 5ywCVuSWXWDG2JOv2ZXpQomuy5mBrepiFw9TSwbzXUrTo9B22YMJ8DvjcMbyMyu/ LQdA+pd9d4SVJfTohvdyhSKaACHgzKU5q939reEF0dJnEaE1jm1u02qo/gNZaC2P cWUsGlb1a4zhnMWW2+txkECorSNsZwKLOWHta4DSSUOweAE4g8RDDATlkSsVLugM 1JAqYp12Occ=+tv2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce