security update in Fedora 26 for keycloak-httpd-client-install

Status: testing a year ago

Two minor security issues were discovered and were assigned CVE's. CVE-2017-15112 concerns the ability to pass a password on the command line where it could be exposed. That option has been deprecated. See the man page for multiple ways to pass the password. CVE-2017-15111 corrects the default location of a log file when running the low level utilities directly, it had placed the log file in /tmp where a symbolic link could be created pointing to another file. The risk with CVE-2017-15111 is very low as this feature is seldom used, it's mostly for developers.

How to install

sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2018-66b885ae3c

Comments 3

This update has been submitted for testing by jdennis.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 3
unstable threshold: -3
submitted a year ago
in testing a year ago

Automated Test Results