FS#66642 : [keycloak] [Security] arbitrary code execution (CVE-2020-1714)

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#66642 - [keycloak] [Security] arbitrary code execution (CVE-2020-1714)

Attached to Project: Community Packages
Opened by Morten Linderud (Foxboron) - Wednesday, 13 May 2020, 21:23 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Sunday, 17 May 2020, 23:49 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Sven-Hendrik Haase (Svenstaro) Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Urgent
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

The package keycloak is vulnerable to arbitrary code execution via CVE-2020-1714.

Guidance
========

Upgrade the package to newest release or pull the patch.

References
==========

https://security.archlinux.org/AVG-1158
https://github.com/keycloak/keycloak/pull/7053
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714

This task depends upon

Closed by Sven-Hendrik Haase (Svenstaro)
Sunday, 17 May 2020, 23:49 GMT
Reason for closing: Fixed

Comments (1)
Related Tasks (0/0)

Comment by Sven-Hendrik Haase (Svenstaro) - Wednesday, 13 May 2020, 23:26 GMT

PR patch applied and pushed in 10.0.0-2. Also updated our own installation of keycloak.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Community Packages

FS#66642 - [keycloak] [Security] arbitrary code execution (CVE-2020-1714)

Details

Loading...