
Security vulnerabilities in the keycloak-httpd-client-install software package

  • OS details: WN7
  • Importance: INF
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2018-01-18 21:29:58.585847

Name : keycloak-httpd-client-install
Product : Fedora 27
Version : 0.8
Release : 1.fc27
Summary : Tools to configure Apache HTTPD as Keycloak client
Description :
Keycloak is a federated Identity Provider (IdP). Apache HTTPD supports
a variety of authentication modules which can be configured to utilize
a Keycloak IdP to perform authentication. This package contains
libraries and tools which can automate and simplify configuring an
Apache HTTPD authentication module and registering as a client of a
Keycloak IdP.

Update Information:

Security fix for CVE-2017-15111, CVE-2017-15112

Two minor security issues were discovered and were assigned CVEs.
CVE-2017-15112 concerns the ability to pass a password on the command line,
where it could be exposed. That option has been deprecated. See the man page
for multiple ways to pass the password. CVE-2017-15111 corrects the default
location of a log file when running the low-level utilities directly; it had
placed the log file in /tmp, where a symbolic link could be created pointing to
another file. The risk with CVE-2017-15111 is very low as this feature is
seldom used; it's mostly for developers.
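
The symlink risk behind CVE-2017-15111, seen from the hardening side: an added example (not code from keycloak-httpd-client-install or from the Fedora notification) of opening a log file so that a symbolic link already sitting at the log path is refused. The names `open_log_safely` and `demo` and the sample file names are assumptions made for this illustration.

```python
import errno
import os
import stat
import tempfile

def open_log_safely(path):
    """Open `path` for appending, refusing symlinks and files we do not own."""
    # O_NOFOLLOW: fail instead of following a symlink in the final path component.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)  # new files are private to the owner
    except OSError as exc:
        if exc.errno in (errno.ELOOP, errno.EMLINK):  # Linux / some BSDs
            raise PermissionError(f"log path is a symlink: {path}") from exc
        raise
    try:
        st = os.fstat(fd)  # inspect the object actually opened, not the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("log path is not a regular file")
        if st.st_uid != os.geteuid() or st.st_nlink != 1:
            raise PermissionError("log file is not exclusively ours")
    except Exception:
        os.close(fd)
        raise
    return os.fdopen(fd, "a", encoding="utf-8")

def demo():
    """Constructed scenario in a throwaway directory standing in for /tmp."""
    with tempfile.TemporaryDirectory() as shared:
        other = os.path.join(shared, "other-file")  # file the link points to
        with open(other, "w", encoding="utf-8") as f:
            f.write("original\n")
        planted = os.path.join(shared, "tool.log")  # predictable log name
        os.symlink(other, planted)
        try:
            open_log_safely(planted).close()
            refused = False
        except PermissionError:
            refused = True
        with open(other, encoding="utf-8") as f:
            untouched = f.read() == "original\n"
        fresh = os.path.join(shared, "fresh.log")
        with open_log_safely(fresh) as log:
            log.write("started\n")
        mode = stat.S_IMODE(os.stat(fresh).st_mode)
        return refused, untouched, mode

if __name__ == "__main__":
    print(demo())
```

Writing logs to a directory that only the invoking user can write to avoids the problem at its source; the checks above matter when the log path may sit in a shared directory.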

[ 1 ] Bug #1511626 – CVE-2017-15112 keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line
[ 2 ] Bug #1511623 – CVE-2017-15111 keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade keycloak-httpd-client-install' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Vlatka Misic
Cert ID: NCERT-REF-2018-01-0140-ADV