- 发布:
- 2025-11-13
- 已更新:
- 2025-11-13
RHSA-2025:21370 - Security Advisory
概述
Moderate: Red Hat build of Keycloak 26.4.4 Security Update
类型/严重性
Security Advisory: Moderate
标题
New Red Hat build of Keycloak 26.4.4 packages are available from the Customer Portal
描述
Red Hat build of Keycloak 26.4.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Security fixes:
- Unable to restrict access to the admin console (CVE-2025-10939) * Debug default bind address (CVE-2025-11538)
- User can refresh offline session even after client's offline_access scope was removed (CVE-2025-12110)
- WebAuthn Attestation Statement Verification Bypass (CVE-2025-12150)
- Offline Session takeover due to reused Authentication Session ID (CVE-2025-12390)
解决方案
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
受影响的产品
- Red Hat build of Keycloak Text-only Advisories x86_64
修复
(none)Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
