====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: subscription-manager security update
Advisory ID:       RHSA-2023:4701-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4701
Issue date:        2023-08-22
CVE Names:         CVE-2023-3899
====================================================================

1. Summary:

An update for subscription-manager is now available for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to
allow users to manage subscriptions and yum repositories from the Red
Hat entitlement platform.

Security Fix(es):

* subscription-manager: inadequate authorization of com.redhat.RHSM1
D-Bus interface allows local users to modify configuration
(CVE-2023-3899)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64:
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

x86_64:
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64:
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

x86_64:
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
subscription-manager-1.24.52-2.el7_9.src.rpm

ppc64:
python-syspurpose-1.24.52-2.el7_9.ppc64.rpm
rhsm-gtk-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-gui-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-migration-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.ppc64.rpm

ppc64le:
python-syspurpose-1.24.52-2.el7_9.ppc64le.rpm
rhsm-gtk-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-gui-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-migration-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.ppc64le.rpm

s390x:
python-syspurpose-1.24.52-2.el7_9.s390x.rpm
rhsm-gtk-1.24.52-2.el7_9.s390x.rpm
subscription-manager-1.24.52-2.el7_9.s390x.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.s390x.rpm
subscription-manager-gui-1.24.52-2.el7_9.s390x.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.s390x.rpm
subscription-manager-migration-1.24.52-2.el7_9.s390x.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.s390x.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.s390x.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.s390x.rpm

x86_64:
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

ppc64:
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.ppc64.rpm

ppc64le:
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.ppc64le.rpm

s390x:
subscription-manager-debuginfo-1.24.52-2.el7_9.s390x.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.s390x.rpm

x86_64:
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64:
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

x86_64:
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.