- Issued: 2025-07-23
- Updated: 2025-07-23
RHSA-2025:11640 - Moderate: Red Hat Single Sign-On 7.6.12 security update on RHEL 9
Synopsis
Moderate: Red Hat Single Sign-On 7.6.12 security update on RHEL 9
Type/Severity
Security Advisory: Moderate
Topic
New Red Hat Single Sign-On 7.6.12 packages are now available for Red Hat Enterprise Linux 9.
Description
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.12 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.11, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. This security update has moderate impact.
Security fixes:
- org.wildfly.core/wildfly-core-management-client: Wildfly vulnerable to Cross-Site Scripting (XSS) (CVE-2024-10234)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Single Sign-On | 7.6 | x86_64 |
Updated Packages
- rh-sso7-keycloak-18.0.19-1.redhat_00002.1.el9sso.noarch.rpm
- rh-sso7-keycloak-18.0.19-1.redhat_00002.1.el9sso.src.rpm
- rh-sso7-keycloak-server-18.0.19-1.redhat_00002.1.el9sso.noarch.rpm
Fixes
CVEs
References
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.