ALAS2-2019-1324

Related Vulnerabilities: CVE-2017-15111, CVE-2017-15112


Amazon Linux 2 Security Advisory: ALAS-2019-1324
Advisory Release Date: 2019-10-21 18:01 Pacific
Advisory Updated Date: 2019-10-23 23:47 Pacific
Severity: Low

Issue Overview:

It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service. (CVE-2017-15111)

In keycloak-httpd-client-install prior to version 0.8, the admin password could be provided through a command-line argument. This might result in the password being leaked through shell history, or becoming visible to a local attacker while the program is running. (CVE-2017-15112)
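As an added example (not the package's own code), the two defensive patterns that address the issues above: a log file created with an unpredictable name and O_EXCL so a pre-planted symlink is never followed, and a password path that refuses the secret on argv. The option name --admin-password-file and the variable KEYCLOAK_ADMIN_PASSWORD are assumed for illustration; the advisory does not name the tool's real flags.

```python
import getpass
import os
import tempfile

# Constructed option and variable names for illustration only;
# the advisory does not name the tool's real flags.
PASSWORD_FILE_OPT = "--admin-password-file"
PASSWORD_ENV = "KEYCLOAK_ADMIN_PASSWORD"


def open_log_safely(prefix="keycloak-install-", directory=None):
    """Create a fresh log file with an unpredictable name (CVE-2017-15111).

    mkstemp() opens with O_CREAT|O_EXCL and mode 0600, so it only succeeds
    on a file that did not exist: a symlink planted at a guessed name is
    never followed, and the random suffix makes guessing the name pointless.
    Returns (file object, path); the caller owns and removes the file.
    """
    fd, path = tempfile.mkstemp(prefix=prefix, suffix=".log", dir=directory)
    return os.fdopen(fd, "w"), path


def open_fixed_log_nofollow(path):
    """When the log name must be fixed, refuse symlinks and existing files.

    O_EXCL makes open() fail on anything already present at `path`, a
    dangling symlink included; O_NOFOLLOW additionally rejects a symlink
    that appears between a stat() check and the open() (the race window).
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    return os.fdopen(fd, "w")


def read_admin_password(argv, env, prompt=getpass.getpass):
    """Obtain the admin password without accepting it on argv (CVE-2017-15112).

    argv is world-readable through /proc/<pid>/cmdline and ends up in shell
    history, so a bare --admin-password value is rejected. Accepted sources,
    in order: first line of the file named by --admin-password-file, the
    environment variable, then an interactive no-echo prompt.
    """
    for arg in argv:
        if arg == "--admin-password" or arg.startswith("--admin-password="):
            raise ValueError("admin password must come from file, env or prompt")
    if PASSWORD_FILE_OPT in argv:
        with open(argv[argv.index(PASSWORD_FILE_OPT) + 1]) as fh:
            return fh.readline().rstrip("\r\n")
    if env.get(PASSWORD_ENV):
        return env[PASSWORD_ENV]
    return prompt("Keycloak admin password: ")
```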


Affected Packages:

keycloak-httpd-client-install


Issue Correction:
Run yum update keycloak-httpd-client-install to update your system.

New Packages:
noarch:
    keycloak-httpd-client-install-0.8-1.amzn2.noarch
    python2-keycloak-httpd-client-install-0.8-1.amzn2.noarch

src:
    keycloak-httpd-client-install-0.8-1.amzn2.src