FS#66642 - [keycloak] [Security] arbitrary code execution (CVE-2020-1714)

Attached to Project: Community Packages
Opened by Morten Linderud (Foxboron) - Wednesday, 13 May 2020, 21:23 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Sunday, 17 May 2020, 23:49 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: Sven-Hendrik Haase (Svenstaro), Levente Polyak (anthraxx)
Architecture: All
Severity: High
Priority: Urgent
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Summary
=======

The package keycloak is vulnerable to arbitrary code execution via CVE-2020-1714.

Guidance
========

Upgrade the package to the newest release or pull the patch.

References
==========

https://security.archlinux.org/AVG-1158
https://github.com/keycloak/keycloak/pull/7053
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714

Closed by Sven-Hendrik Haase (Svenstaro)
Sunday, 17 May 2020, 23:49 GMT
Reason for closing: Fixed
Comment by Sven-Hendrik Haase (Svenstaro) - Wednesday, 13 May 2020, 23:26 GMT
PR patch applied and pushed in 10.0.0-2. Also updated our own installation of keycloak.
