Описание
ELSA-2019-2137: keycloak-httpd-client-install security, bug fix, and enhancement update (LOW)
[0.8-1]
- Resolves: rhbz#1673716 - Rebase k-h-c-i to version 0.8
- The rebase also includes fixes for:
- rhbz#1533190 - CVE-2017-15111 keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py
- rhbz#1533202 - CVE-2017-15112 keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
keycloak-httpd-client-install
0.8-1.el7
python2-keycloak-httpd-client-install
0.8-1.el7
Oracle Linux x86_64
keycloak-httpd-client-install
0.8-1.el7
python2-keycloak-httpd-client-install
0.8-1.el7
Связанные CVE
Связанные уязвимости
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
keycloak-httpd-client-install versions before 0.8 allow users to insec ...
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.