Headline
RHSA-2023:4701: Red Hat Security Advisory: subscription-manager security update
An update for subscription-manager is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
Synopsis
Moderate: subscription-manager security update
Type/Severity
Security Advisory: Moderate
Topic
An update for subscription-manager is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.
Security Fix(es):
- subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration (CVE-2023-3899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration
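A host-triage sketch for this advisory, added here as an example and not Red Hat's code: it checks whether an installed subscription-manager build is older than the fixed RHEL 7 build named in this advisory's package list, and reports which directives in a copy of /etc/rhsm/rhsm.conf differ from a known-good baseline. The installed versions, both sample configurations and the `example_directive` key are constructed for illustration, and `rpmvercmp` is a simplified reimplementation of rpm's ordering.

```python
import configparser
import re

# Fixed RHEL 7 build, taken from the SRPM name in this advisory.
FIXED_EVR = "1.24.52-2.el7_9"
_TOKEN = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Compare version or release strings like rpm does; returns -1, 0 or 1.

    Simplified reimplementation: separators are ignored, numeric segments
    compare as integers and beat alphabetic ones, '~' sorts before anything.
    The '^' operator of newer rpm releases is not handled.
    """
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    for x, y in zip(ta, tb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    if len(ta) == len(tb):
        return 0
    longer, sign = (ta, 1) if len(ta) > len(tb) else (tb, -1)
    # Extra segments make a string newer, unless they start with '~'.
    return -sign if longer[min(len(ta), len(tb))] == "~" else sign


def split_evr(evr):
    """Split '[epoch:]version-release' as printed by rpm's %{EVR} tag."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release


def is_patched(installed_evr, fixed_evr=FIXED_EVR):
    """True when the installed build is at or above the fixed build."""
    e1, v1, r1 = split_evr(installed_evr)
    e2, v2, r2 = split_evr(fixed_evr)
    if e1 != e2:
        return e1 > e2
    return (rpmvercmp(v1, v2) or rpmvercmp(r1, r2)) >= 0


def config_drift(baseline_text, current_text):
    """List (section, key, baseline, current) for every differing directive."""
    def load(text):
        parser = configparser.RawConfigParser()  # Raw: no % interpolation
        parser.optionxform = str                 # keep mixed-case key names
        parser.read_string(text)
        return {(s, k): v for s in parser.sections() for k, v in parser.items(s)}

    base, cur = load(baseline_text), load(current_text)
    return sorted((s, k, base.get((s, k)), cur.get((s, k)))
                  for s, k in base.keys() | cur.keys()
                  if base.get((s, k)) != cur.get((s, k)))


# Constructed sample data, not taken from a real host.
BASELINE = """
[server]
hostname = subscription.rhsm.redhat.com
port = 443
[rhsm]
baseurl = https://cdn.redhat.com
"""
CURRENT = """
[server]
hostname = subscription.rhsm.redhat.com
port = 8443
[rhsm]
baseurl = https://cdn.redhat.com
example_directive = changed
"""

if __name__ == "__main__":
    for evr in ("1.24.9-5.el7", "1.24.52-1.el7_9", "1.24.52-2.el7_9"):
        print(evr, "patched" if is_patched(evr) else "needs update")
    for section, key, old, new in config_drift(BASELINE, CURRENT):
        print(f"[{section}] {key}: {old!r} -> {new!r}")
```

On a real host the installed value would come from `rpm -q --qf '%{EVR}' subscription-manager`, and the baseline from a configuration-management copy of the file.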
Red Hat Enterprise Linux Server 7
SRPM
subscription-manager-1.24.52-2.el7_9.src.rpm