- Vulnerability/
- RHSA-2023:2710
RHSA-2023:2710: Moderate: Red Hat Single Sign-On 7.6.3 for OpenShift image security update
First published: Wed May 10 2023(Updated: )
Red Hat Single Sign-On is an integrated sign-on solution, available as a<br>Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat<br>Single Sign-On for OpenShift image provides an authentication server that<br>you can use to log in centrally, log out, and register. You can also manage<br>user accounts for web applications, mobile applications, and RESTful web<br>services.<br>This erratum releases a new image for Red Hat Single Sign-On 7.6.3 for use within the Red Hat OpenShift Container Platform (from the release of 3.11<br>up to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)<br>for on-premise or private cloud deployments, aligning with the standalone<br>product release.<br>Security Fix(es):<br><li> ok<a href="http:" target="_blank">http:</a> information disclosure via improperly used cryptographic function (CVE-2021-0341)</li> <li> undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)</li> <li> snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)</li> <li> dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)</li> <li> codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)</li> <li> apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)</li> <li> RESTEasy: creation of insecure temp files (CVE-2023-0482)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2129710
- https://bugzilla.redhat.com/show_bug.cgi?id=2151988
- https://bugzilla.redhat.com/show_bug.cgi?id=2153260
- https://bugzilla.redhat.com/show_bug.cgi?id=2153379
- https://bugzilla.redhat.com/show_bug.cgi?id=2154086
- https://bugzilla.redhat.com/show_bug.cgi?id=2158916
- https://bugzilla.redhat.com/show_bug.cgi?id=2166004
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/errata/RHSA-2023:2710 (Advisory)
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2023:2710
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type