-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: subscription-manager security update
Advisory ID:       RHSA-2023:4701-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4701
Issue date:        2023-08-22
CVE Names:         CVE-2023-3899 
=====================================================================

1. Summary:

An update for subscription-manager is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow
users to manage subscriptions and yum repositories from the Red Hat
entitlement platform.

Security Fix(es):

* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus
interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64:
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

x86_64:
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64:
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

x86_64:
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
subscription-manager-1.24.52-2.el7_9.src.rpm

ppc64:
python-syspurpose-1.24.52-2.el7_9.ppc64.rpm
rhsm-gtk-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-gui-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-migration-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.ppc64.rpm

ppc64le:
python-syspurpose-1.24.52-2.el7_9.ppc64le.rpm
rhsm-gtk-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-gui-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-migration-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.ppc64le.rpm

s390x:
python-syspurpose-1.24.52-2.el7_9.s390x.rpm
rhsm-gtk-1.24.52-2.el7_9.s390x.rpm
subscription-manager-1.24.52-2.el7_9.s390x.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.s390x.rpm
subscription-manager-gui-1.24.52-2.el7_9.s390x.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.s390x.rpm
subscription-manager-migration-1.24.52-2.el7_9.s390x.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.s390x.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.s390x.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.s390x.rpm

x86_64:
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

ppc64:
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.ppc64.rpm

ppc64le:
subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64le.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.ppc64le.rpm

s390x:
subscription-manager-debuginfo-1.24.52-2.el7_9.s390x.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.s390x.rpm

x86_64:
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
subscription-manager-1.24.52-2.el7_9.src.rpm

x86_64:
python-syspurpose-1.24.52-2.el7_9.x86_64.rpm
rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm

x86_64:
subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm
subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk5RhwAAoJENzjgjWX9erEPAoP/RrfFSWaeFVxlSKdbxhvddY8
GeTz+sFCeC6Jovu/qEZAW+dojO96hPsguseXGx9TLsCZgAEgpq4+fQXylqQuoMpv
Y/6AZ67xwzSQ46MflFQkEjMi9UI/SiY69egoPkvg6GX7GymlbU7UGg6cM+2iIWBP
XG/SCiUIiEcZnB+FrW9su2V0RinL2HmLXixhk5FMBEeP5mgR3xXDqmL70FpTgViF
u0G3q9QNGwij/uaLxI42q6l5ZjoKlg4FZmZOeZoXLAcQA+oly4QgEp3I3tm07qSj
470R9ZLo1Yr4QReGZJO0TNDM4giwdWKxZ1VYnDT6kADKBz+gY2H5jO847yNrWJ4x
2OIsccMA67+C4DvokRMHAKko9dZQZBt5+fHZkNhvbVWN6fldittPnHoIX+zHC+ep
ninbsINr3YOX8baNfLmnqMuX3/4bVWQuZPRyIDsCCVyYzfjeTlnx5svePeIJD7vk
1up5Rfbf8YUKkXuKhm7rZMTBOG/AQBvZT/BkVn94M+P9lGyLMk3CMMgSuHnNYFXP
H0Sg89R6SkHtdm/bjqy9XLwE6ZWrzIM1C6MBlWLQXg5P6bK0NWhkTY0nDraf0BNC
a/FynXlBckSuu1r2yGoP8Ubt7NBpMPgBEOrVr6QxSlZtqQXqO8/jzT7iLlGGmG5k
AQNCEsbHF41uUgLGS3JQ
=ZifM
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-4701:01 Moderate: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 7

Summary

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.
Security Fix(es):
* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration (CVE-2023-3899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2023-3899 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux Client (v. 7):
Source: subscription-manager-1.24.52-2.el7_9.src.rpm
x86_64: python-syspurpose-1.24.52-2.el7_9.x86_64.rpm rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm subscription-manager-1.24.52-2.el7_9.x86_64.rpm subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm
x86_64: subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: subscription-manager-1.24.52-2.el7_9.src.rpm
x86_64: python-syspurpose-1.24.52-2.el7_9.x86_64.rpm subscription-manager-1.24.52-2.el7_9.x86_64.rpm subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm
x86_64: rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subscription-manager-1.24.52-2.el7_9.src.rpm
ppc64: python-syspurpose-1.24.52-2.el7_9.ppc64.rpm rhsm-gtk-1.24.52-2.el7_9.ppc64.rpm subscription-manager-1.24.52-2.el7_9.ppc64.rpm subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64.rpm subscription-manager-gui-1.24.52-2.el7_9.ppc64.rpm subscription-manager-initial-setup-addon-1.24.52-2.el7_9.ppc64.rpm subscription-manager-migration-1.24.52-2.el7_9.ppc64.rpm subscription-manager-plugin-container-1.24.52-2.el7_9.ppc64.rpm subscription-manager-rhsm-1.24.52-2.el7_9.ppc64.rpm subscription-manager-rhsm-certificates-1.24.52-2.el7_9.ppc64.rpm
ppc64le: python-syspurpose-1.24.52-2.el7_9.ppc64le.rpm rhsm-gtk-1.24.52-2.el7_9.ppc64le.rpm subscription-manager-1.24.52-2.el7_9.ppc64le.rpm subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64le.rpm subscription-manager-gui-1.24.52-2.el7_9.ppc64le.rpm subscription-manager-initial-setup-addon-1.24.52-2.el7_9.ppc64le.rpm subscription-manager-migration-1.24.52-2.el7_9.ppc64le.rpm subscription-manager-plugin-container-1.24.52-2.el7_9.ppc64le.rpm subscription-manager-rhsm-1.24.52-2.el7_9.ppc64le.rpm subscription-manager-rhsm-certificates-1.24.52-2.el7_9.ppc64le.rpm
s390x: python-syspurpose-1.24.52-2.el7_9.s390x.rpm rhsm-gtk-1.24.52-2.el7_9.s390x.rpm subscription-manager-1.24.52-2.el7_9.s390x.rpm subscription-manager-debuginfo-1.24.52-2.el7_9.s390x.rpm subscription-manager-gui-1.24.52-2.el7_9.s390x.rpm subscription-manager-initial-setup-addon-1.24.52-2.el7_9.s390x.rpm subscription-manager-migration-1.24.52-2.el7_9.s390x.rpm subscription-manager-plugin-container-1.24.52-2.el7_9.s390x.rpm subscription-manager-rhsm-1.24.52-2.el7_9.s390x.rpm subscription-manager-rhsm-certificates-1.24.52-2.el7_9.s390x.rpm
x86_64: python-syspurpose-1.24.52-2.el7_9.x86_64.rpm rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm subscription-manager-1.24.52-2.el7_9.x86_64.rpm subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm
ppc64: subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64.rpm subscription-manager-plugin-ostree-1.24.52-2.el7_9.ppc64.rpm
ppc64le: subscription-manager-debuginfo-1.24.52-2.el7_9.ppc64le.rpm subscription-manager-plugin-ostree-1.24.52-2.el7_9.ppc64le.rpm
s390x: subscription-manager-debuginfo-1.24.52-2.el7_9.s390x.rpm subscription-manager-plugin-ostree-1.24.52-2.el7_9.s390x.rpm
x86_64: subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: subscription-manager-1.24.52-2.el7_9.src.rpm
x86_64: python-syspurpose-1.24.52-2.el7_9.x86_64.rpm rhsm-gtk-1.24.52-2.el7_9.x86_64.rpm subscription-manager-1.24.52-2.el7_9.x86_64.rpm subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm subscription-manager-gui-1.24.52-2.el7_9.x86_64.rpm subscription-manager-initial-setup-addon-1.24.52-2.el7_9.x86_64.rpm subscription-manager-migration-1.24.52-2.el7_9.x86_64.rpm subscription-manager-plugin-container-1.24.52-2.el7_9.x86_64.rpm subscription-manager-rhsm-1.24.52-2.el7_9.x86_64.rpm subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: subscription-manager-cockpit-1.24.52-2.el7_9.noarch.rpm
x86_64: subscription-manager-debuginfo-1.24.52-2.el7_9.x86_64.rpm subscription-manager-plugin-ostree-1.24.52-2.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2023:4701-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4701
Issued Date: : 2023-08-22
CVE Names: CVE-2023-3899

Topic

An update for subscription-manager is now available for Red Hat EnterpriseLinux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64


Bugs Fixed

2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration


Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo