ASA-202106-19 log generated external raw

[ASA-202106-19] keycloak: incorrect calculation
Arch Linux Security Advisory ASA-202106-19 ========================================== Severity: Low Date : 2021-06-01 CVE-ID : CVE-2021-3461 Package : keycloak Type : incorrect calculation Remote : Yes Link : Summary ======= The package keycloak before version 13.0.1-1 is vulnerable to incorrect calculation. Resolution ========== Upgrade to 13.0.1-1. # pacman -Syu "keycloak>=13.0.1-1" The problem has been fixed upstream in version 13.0.1. Workaround ========== None. Description =========== Keycloak may fail to logout a user session if the logout request comes from an external SAML identity provider that is set up to identify the principal via attributes rather than by Subject Name ID. Impact ====== A remote attacker could take over a logged out user session if they manage to obtain the old session token. References ==========