* It was found that subscription-manager set weak permissions on files in
/var/lib/rhsm/, causing an information disclosure. A local, unprivileged
user could use this flaw to access sensitive data that could potentially
be used in a social engineering attack. (CVE-2016-4455)
--