- 发布:
- 2025-06-09
- 已更新:
- 2025-06-09
RHSA-2025:8690 - Security Advisory
概述
Important: Red Hat build of Keycloak 26.2.5 Security Update
类型/严重性
Security Advisory: Important
标题
New Red Hat build of Keycloak 26.2.5 packages are available from the Customer Portal
描述
Red Hat build of Keycloak 26.2.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Security fixes:
- XStream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream (CVE-2024-47072)
- Keycloak hostname verification (CVE-2025-3501)
解决方案
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
受影响的产品
- Red Hat build of Keycloak Text-only Advisories x86_64
修复
(none)Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。