Issued:: 2018-07-26
Updated:: 2018-07-26

RHSA-2018:2279 - Important: Red Hat Single Sign-On 7.2 security update

Synopsis

Important: Red Hat Single Sign-On 7.2 security update

Type/Severity

Security Advisory Important

Topic

A security update is now available for Red Hat Single Sign-On 7.2 from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat Single Sign-On 7.2.

Security Fix(es):

apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files. (CVE-2018-10862)

Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

Affected Products

Product	Version	Arch
Red Hat Single Sign-On	Text-Only Advisories	x86_64

Fixes

CVEs

References

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.