- Issued: 2025-07-23
- Updated: 2025-07-23
RHSA-2025:11640 - Security Advisory
Synopsis
Moderate: Red Hat Single Sign-On 7.6.12 security update on RHEL 9
Type/Severity
Security Advisory: Moderate
Topic
New Red Hat Single Sign-On 7.6.12 packages are now available for Red Hat Enterprise Linux 9.
Description
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.12 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.11, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. This security update has moderate impact.
Security fixes:
- org.wildfly.core/wildfly-core-management-client: Wildfly vulnerable to Cross-Site Scripting (XSS) (CVE-2024-10234)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Single Sign-On 7.6 for RHEL 9 x86_64
Fixes
- BZ - 2320848 - CVE-2024-10234 wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)
CVEs
Red Hat Single Sign-On 7.6 for RHEL 9
| Package | Checksum |
|---|---|
| SRPM | |
| rh-sso7-keycloak-18.0.19-1.redhat_00002.1.el9sso.src.rpm | SHA-256: 402bec39eafbabb86781560249ee72dfef2bd9c126882aacc3db596e170ec39e |
| x86_64 | |
| rh-sso7-keycloak-18.0.19-1.redhat_00002.1.el9sso.noarch.rpm | SHA-256: ff2631c99f92a9ceef157cf45ef3d5d2901daeff9ea1c1aded206e787a40cbe7 |
| rh-sso7-keycloak-server-18.0.19-1.redhat_00002.1.el9sso.noarch.rpm | SHA-256: 957779a710b7796fea5fd8bdf84464a05f4a02b17fea4e4cb12f4c30fc36e738 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.