RHSA-2023:4701: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
Red Hat Security Data

Synopsis

Moderate: subscription-manager security update

Type/Severity

Security Advisory: Moderate

Topic

An update for subscription-manager is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Security Fix(es):

  • subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
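A defender-side check for the tampering described under CVE-2023-3899, added here as an example (not Red Hat's code): it compares a copy of /etc/rhsm/rhsm.conf against a known-good baseline and reports added, removed, or changed directives. The baseline source, the function names, and the sample file contents are assumptions constructed for illustration.

```python
import configparser

# Constructed sample: a known-good baseline, e.g. taken from configuration
# management or a freshly installed system (assumption, not from the advisory).
BASELINE = """\
[server]
hostname = subscription.rhsm.redhat.com
port = 443
insecure = 0

[rhsm]
baseurl = https://cdn.redhat.com
ca_cert_dir = /etc/rhsm/ca/
repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
manage_repos = 1
"""

# Constructed sample: the same file after unexpected modification.
CURRENT = """\
[server]
hostname = rhsm.example.invalid
port = 443
insecure = 0

[rhsm]
baseurl = https://cdn.redhat.com
ca_cert_dir = /etc/rhsm/ca/
repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
example_added_key = 1
"""


def load(text):
    """Parse rhsm.conf text into {(section, option): raw_value}."""
    # interpolation=None keeps values such as %(ca_cert_dir)s literal, so the
    # comparison sees exactly what is written in the file.
    parser = configparser.RawConfigParser(interpolation=None)
    parser.optionxform = str  # preserve option case (e.g. productCertDir)
    parser.read_string(text)
    return {
        (section, option): value
        for section in parser.sections()
        for option, value in parser.items(section)
    }


def drift(baseline_text, current_text):
    """Return a list of (kind, section, option, old, new) findings.

    kind is one of "added", "removed", "changed" or "parse-error".
    A file that no longer parses (duplicate options, missing section
    header) is itself reported as a finding instead of being skipped.
    """
    base = load(baseline_text)
    try:
        cur = load(current_text)
    except configparser.Error as exc:
        return [("parse-error", "", "", None, type(exc).__name__)]

    findings = []
    for key in sorted(base.keys() | cur.keys()):
        old, new = base.get(key), cur.get(key)
        if old == new:
            continue
        if old is None:
            kind = "added"
        elif new is None:
            kind = "removed"
        else:
            kind = "changed"
        findings.append((kind, key[0], key[1], old, new))
    return findings


if __name__ == "__main__":
    for kind, section, option, old, new in drift(BASELINE, CURRENT):
        print(f"{kind:12} [{section}] {option}: {old!r} -> {new!r}")
```

On a real host, pass the contents of /etc/rhsm/rhsm.conf as `current_text`; any finding on a system that has not been deliberately reconfigured warrants review.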

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

Red Hat Enterprise Linux Server 7

SRPM

subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64

python-syspurpose-1.24.52-2.el7_9.x86_64.rpm

rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation 7

SRPM

subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64

python-syspurpose-1.24.52-2.el7_9.x86_64.rpm

rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Desktop 7

SRPM

subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64

python-syspurpose-1.24.52-2.el7_9.x86_64.rpm

rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

subscription-manager-1.24.52-2.el7_9.src.rpm

s390x

python-syspurpose-1.24.52-2.el7_9.s390x.rpm

rhsm-gtk-1.24.52-2.el7_9.s390x.rpm

subscription-manager-1.24.52-2.el7_9.s390x.rpm

subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

subscription-manager-debuginfo-1.24.52-2.el7_9.s390x.rpm

subscription-manager-gui-1.24.52-2.el7_9.s390x.rpm

subscription-manager-initial-setup-addon-1.24.52-2.el7_9.s390x.rpm

subscription-manager-migration-1.24.52-2.el7_9.s390x.rpm

subscription-manager-plugin-container-1.24.52-2.el7_9.s390x.rpm

subscription-manager-plugin-ostree-1.24.52-2.el7_9.s390x.rpm

subscription-manager-rhsm-1.24.52-2.el7_9.s390x.rpm

subscription-manager-rhsm-certificates-1.24.52-2.el7_9.s390x.rpm

Red Hat Enterprise Linux for Power, big endian 7

SRPM

subscription-manager-1.24.52-2.el7_9.src.rpm

ppc64

python-syspurpose-1.24.52-2.el7_9.ppc64.rpm

rhsm-gtk-1.24.52-2.el7_9.ppc64.rpm

subscription-manager-1.24.52-2.el7_9.ppc64.rpm

subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64.rpm

subscription-manager-gui-1.24.52-2.el7_9.ppc64.rpm

subscription-manager-initial-setup-addon-1.24.52-2.el7_9.ppc64.rpm

subscription-manager-migration-1.24.52-2.el7_9.ppc64.rpm

subscription-manager-plugin-container-1.24.52-2.el7_9.ppc64.rpm

subscription-manager-plugin-ostree-1.24.52-2.el7_9.ppc64.rpm

subscription-manager-rhsm-1.24.52-2.el7_9.ppc64.rpm

subscription-manager-rhsm-certificates-1.24.52-2.el7_9.ppc64.rpm

Red Hat Enterprise Linux for Scientific Computing 7

SRPM

subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64

python-syspurpose-1.24.52-2.el7_9.x86_64.rpm

rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm

subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux for Power, little endian 7

SRPM

subscription-manager-1.24.52-2.el7_9.src.rpm

ppc64le

python-syspurpose-1.24.52-2.el7_9.ppc64le.rpm

rhsm-gtk-1.24.52-2.el7_9.ppc64le.rpm

subscription-manager-1.24.52-2.el7_9.ppc64le.rpm

subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64le.rpm

subscription-manager-gui-1.24.52-2.el7_9.ppc64le.rpm

subscription-manager-initial-setup-addon-1.24.52-2.el7_9.ppc64le.rpm

subscription-manager-migration-1.24.52-2.el7_9.ppc64le.rpm

subscription-manager-plugin-container-1.24.52-2.el7_9.ppc64le.rpm

subscription-manager-plugin-ostree-1.24.52-2.el7_9.ppc64le.rpm

subscription-manager-rhsm-1.24.52-2.el7_9.ppc64le.rpm

subscription-manager-rhsm-certificates-1.24.52-2.el7_9.ppc64le.rpm
