- Issued: 2025-01-13
- Updated: 2025-01-13
RHSA-2025:0300 - Security Advisory
Synopsis
Moderate: Red Hat build of Keycloak 26.0.8 Update
Type/Severity
Security Advisory: Moderate
Topic
New Red Hat build of Keycloak 26.0.8 packages are available from the Customer Portal.
Description
Red Hat build of Keycloak 26.0.8 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Security fixes:
- Denial of Service in Keycloak Server via Security Headers (CVE-2024-11734)
- Unrestricted admin use of system and environment variables (CVE-2024-11736)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat build of Keycloak Text-only Advisories x86_64
Fixes
- BZ - 2328846 - CVE-2024-11734 org.keycloak:keycloak-quarkus-server: Denial of Service in Keycloak Server via Security Headers
- BZ - 2328850 - CVE-2024-11736 org.keycloak:keycloak-quarkus-server: Unrestricted admin use of system and environment variables
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.