Issued: 2025-01-13
Updated: 2025-01-13

RHSA-2025:0300 - Moderate: Red Hat build of Keycloak 26.0.8 Update


Synopsis

Moderate: Red Hat build of Keycloak 26.0.8 Update

Type/Severity

Security Advisory: Moderate

Topic

New Red Hat build of Keycloak 26.0.8 packages are available from the Customer Portal.

Description

Red Hat build of Keycloak 26.0.8 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

Security fixes:

  • Denial of Service in Keycloak Server via Security Headers (CVE-2024-11734)
  • Unrestricted admin use of system and environment variables (CVE-2024-11736)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Product                      Version                 Arch
Red Hat build of Keycloak    Text-only Advisories    x86_64

Fixes

CVEs

References


Additional information