2 UPDATED packages keycloak - Open Source Identity and Access Management For Modern Applications and Services [899M] * Wed Oct 01 2025 Andrey Cherepanov <cas@altlinux> 26.4.0-alt1 - New version (fixes: CVE-2025-48924, CVE-2025-7962). * Thu Sep 25 2025 Andrey Cherepanov <cas@altlinux> 26.3.5-alt1 - New version (fixes: CVE-2025-58057, CVE-2025-58056). * Sat Sep 13 2025 Andrey Cherepanov <cas@altlinux> 26.3.4-alt1 - New version. * Sat Aug 23 2025 Andrey Cherepanov <cas@altlinux> 26.3.3-alt1 - New version. * Fri Aug 22 2025 Andrey Cherepanov <cas@altlinux> 26.3.2-alt1 - New version (fixes: CVE-2025-49574, CVE-2025-7365, CVE-2025-5416). - Excluded base theme drom settings. * Sat May 31 2025 Andrey Cherepanov <cas@altlinux> 26.2.5-alt1 - New version. * Fri May 09 2025 Andrey Cherepanov <cas@altlinux> 26.2.4-alt1 - New version. * Mon May 05 2025 Andrey Cherepanov <cas@altlinux> 26.2.3-alt1 - New version. * Fri May 02 2025 Andrey Cherepanov <cas@altlinux> 26.2.2-alt1 - New version. - Security fixes: + CVE-2025-3910 Two factor authentication bypass + CVE-2025-3501 Keycloak hostname verification * Fri Apr 25 2025 Andrey Cherepanov <cas@altlinux> 26.2.1-alt1 - New version. * Sat Apr 12 2025 Andrey Cherepanov <cas@altlinux> 26.2.0-alt1 - New version. - Security fixes: + CVE-2024-12397 - HTTP Request Smuggling in io.quarkus.http:quarkus-http-core dist/quarkus * Wed Mar 19 2025 Andrey Cherepanov <cas@altlinux> 26.1.4-alt1 - New version. * Sun Mar 02 2025 Andrey Cherepanov <cas@altlinux> 26.1.3-alt1 - New version. - Security fixes: + CVE-2025-0736 Error during JGroups channel creation may reveal secure information + CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream * Wed Feb 19 2025 Andrey Cherepanov <cas@altlinux> 26.1.2-alt2 - (%post) Copy configuration files from /usr/share/keycloak/conf. - Mention CVE-2024-7260, fixed in 24.0.7. * Tue Feb 11 2025 Andrey Cherepanov <cas@altlinux> 26.1.2-alt1 - New version. - Security fixes: + CVE-2024-11736 Unrestricted admin use of system and environment variables + CVE-2024-11734 Denial of Service in Keycloak Server via Security Headers + CVE-2024-10451 Sensitive Data Exposure in Keycloak Build Process + CVE-2024-10270 Potential Denial of Service + CVE-2024-10492 Keycloak path trasversal + CVE-2024-9666 Keycloak proxy header handling Denial-of-Service (DoS) vulnerability + CVE-2024-10039 Bypassing mTLS validation + CVE-2021-44549 org.eclipse.angus/angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication + CVE-2024-8883 Vulnerable Redirect URI Validation Results in Open Redirect + CVE-2024-8698 Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak + CVE-2024-7341 Session fixation in the SAML adapters * Sun May 26 2024 Andrey Cherepanov <cas@altlinux> 24.0.4-alt2 - Moved config to /etc/keycloak. - Marked config file as %config(noreplace) (ALT #50434). - Moved keycloak homedir to /usr/lib/keycloak. - Added service file * Thu May 09 2024 Andrey Cherepanov <cas@altlinux> 24.0.4-alt1 - New version. * Sat Apr 27 2024 Andrey Cherepanov <cas@altlinux> 24.0.3-alt1 - Initial build for Sisyphus (ALT #44193). Note: changelog entry for 24.0.3-alt0.p10.1 not found.
libxml2 - The library for manipulating XML files * Tue Oct 21 2025 Alexander Danilov <admsasha@altlinux> 1:2.9.12-alt1.p10.5 - Applied security fixes from upstream (Fixes: CVE-2024-56171, CVE-2025-32415, CVE-2025-24928). * Fri Oct 03 2025 Alexander Danilov <admsasha@altlinux> 1:2.9.12-alt1.p10.4 - Applied security fixes from upstream (Fixes: CVE-2025-9714). * Mon Jul 14 2025 Alexander Danilov <admsasha@altlinux> 1:2.9.12-alt1.p10.3 Total 19071 source packages. _______________________________________________ Sisyphus-cybertalk mailing list [email protected] https://lists.altlinux.org/mailman/listinfo/sisyphus-cybertalk
