RHSA-2023:4704: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
Source: Red Hat Security Data
Issued: 2023-08-22

Updated: 2023-08-22

RHSA-2023:4704 - Security Advisory


Synopsis

Important: subscription-manager security update

Type/Severity

Security Advisory: Important


Topic

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Security Fix(es):

  • subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
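As an added defender-side check that is not part of the advisory: the script below reimplements rpm's rpmvercmp ordering in Python and compares the installed subscription-manager packages (parsed from `rpm -qa` output, here a constructed sample) against the fixed build 1.28.13-7.el8_4 that this advisory ships. The package names and the fixed version come from the advisory; the sample output and its -6.el8_4 build number are constructed for illustration.

```python
# Fixed (epoch, version, release) for every package in this advisory.
FIXED_EVR = (0, "1.28.13", "7.el8_4")

# Package names taken from the advisory's x86_64 and ppc64le file lists.
ADVISORY_PACKAGES = {
    "subscription-manager", "dnf-plugin-subscription-manager", "rhsm-gtk",
    "python3-subscription-manager-rhsm", "python3-syspurpose", "rhsm-icons",
    "subscription-manager-cockpit", "subscription-manager-initial-setup-addon",
    "subscription-manager-migration", "subscription-manager-plugin-ostree",
    "subscription-manager-rhsm-certificates",
}

def rpmvercmp(a: str, b: str) -> int:
    """Compare version/release strings like rpm's rpmvercmp(): -1, 0 or 1.
    Numbers outrank letters; '~' sorts first; '^' sorts right after the bare version."""
    i, j, la, lb = 0, 0, len(a), len(b)
    while i < la or j < lb:
        # Skip separators: anything that is not alphanumeric, '~' or '^'.
        while i < la and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca, cb = (a[i] if i < la else ""), (b[j] if j < lb else "")
        if ca == "~" or cb == "~":
            if ca != cb:  # only one side carries a pre-release marker
                return 1 if ca != "~" else -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca or not cb:  # the bare version is older than a '^' suffix
                return -1 if not ca else 1
            if ca != cb:
                return 1 if ca != "^" else -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        same_class = str.isdigit if isnum else str.isalpha
        ia, jb = i, j
        while ia < la and same_class(a[ia]):
            ia += 1
        while jb < lb and same_class(b[jb]):
            jb += 1
        sa, sb = a[i:ia], b[j:jb]
        if not sb:  # segment types differ: a number outranks letters
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):  # more digits means a bigger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
        i, j = ia, jb
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1  # whichever side has data left is newer

def evr_cmp(x: tuple, y: tuple) -> int:
    """Compare (epoch, version, release) tuples: epoch, then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])

def parse_nevra(nevra: str) -> tuple:
    """Split 'name-[epoch:]version-release.arch' as printed by `rpm -q`."""
    base, arch = nevra.rsplit(".", 1)
    name, version, release = base.rsplit("-", 2)
    epoch, version = version.split(":", 1) if ":" in version else ("0", version)
    return name, int(epoch), version, release, arch

def assess(rpm_q_output: str) -> dict:
    """Map each installed advisory package to 'fixed' or 'vulnerable'."""
    status = {}
    for line in rpm_q_output.splitlines():
        line = line.strip()
        if not line or " " in line:  # blank, or 'package X is not installed'
            continue
        name, epoch, version, release, _arch = parse_nevra(line)
        if name in ADVISORY_PACKAGES:
            older = evr_cmp((epoch, version, release), FIXED_EVR) < 0
            status[name] = "vulnerable" if older else "fixed"
    return status

# Constructed sample of `rpm -qa` output; the -6.el8_4 build number is made
# up to stand for a pre-fix package and is not a real Red Hat release.
SAMPLE_RPM_QA = """
subscription-manager-1.28.13-6.el8_4.x86_64
python3-subscription-manager-rhsm-1.28.13-7.el8_4.x86_64
subscription-manager-rhsm-certificates-1.28.13-7.el8_4.x86_64
rhsm-icons-1.28.13-7.el8_4.noarch
"""

if __name__ == "__main__":
    print(assess(SAMPLE_RPM_QA))
```

The fixed build compared against applies only to the RHEL 8.4 AUS, TUS and Update Services for SAP Solutions streams this advisory covers; other RHEL streams have their own errata and fixed builds, so the FIXED_EVR constant has to be taken from the advisory for the stream in question.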

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

Updated Packages

All four affected product streams ship the same fixed build, 1.28.13-7.el8_4, built from the source package subscription-manager-1.28.13-7.el8_4.src.rpm.

Red Hat Enterprise Linux Server - AUS 8.4, Red Hat Enterprise Linux Server - TUS 8.4, and Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 (x86_64):

  • dnf-plugin-subscription-manager-1.28.13-7.el8_4.x86_64.rpm
  • dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm
  • python3-subscription-manager-rhsm-1.28.13-7.el8_4.x86_64.rpm
  • python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.x86_64.rpm
  • python3-syspurpose-1.28.13-7.el8_4.x86_64.rpm
  • rhsm-gtk-1.28.13-7.el8_4.x86_64.rpm
  • rhsm-icons-1.28.13-7.el8_4.noarch.rpm
  • subscription-manager-1.28.13-7.el8_4.x86_64.rpm
  • subscription-manager-cockpit-1.28.13-7.el8_4.noarch.rpm
  • subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm
  • subscription-manager-debugsource-1.28.13-7.el8_4.x86_64.rpm
  • subscription-manager-initial-setup-addon-1.28.13-7.el8_4.x86_64.rpm
  • subscription-manager-migration-1.28.13-7.el8_4.x86_64.rpm
  • subscription-manager-plugin-ostree-1.28.13-7.el8_4.x86_64.rpm
  • subscription-manager-rhsm-certificates-1.28.13-7.el8_4.x86_64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 (ppc64le):

  • dnf-plugin-subscription-manager-1.28.13-7.el8_4.ppc64le.rpm
  • dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.ppc64le.rpm
  • python3-subscription-manager-rhsm-1.28.13-7.el8_4.ppc64le.rpm
  • python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.ppc64le.rpm
  • python3-syspurpose-1.28.13-7.el8_4.ppc64le.rpm
  • rhsm-gtk-1.28.13-7.el8_4.ppc64le.rpm
  • rhsm-icons-1.28.13-7.el8_4.noarch.rpm
  • subscription-manager-1.28.13-7.el8_4.ppc64le.rpm
  • subscription-manager-cockpit-1.28.13-7.el8_4.noarch.rpm
  • subscription-manager-debuginfo-1.28.13-7.el8_4.ppc64le.rpm
  • subscription-manager-debugsource-1.28.13-7.el8_4.ppc64le.rpm
  • subscription-manager-initial-setup-addon-1.28.13-7.el8_4.ppc64le.rpm
  • subscription-manager-migration-1.28.13-7.el8_4.ppc64le.rpm
  • subscription-manager-plugin-ostree-1.28.13-7.el8_4.ppc64le.rpm
  • subscription-manager-rhsm-certificates-1.28.13-7.el8_4.ppc64le.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
