SCIENTIFIC-LINUX-ERRATA Archives

January 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: subscription-manager on SL7.x x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Mon, 9 Jan 2017 20:25:31 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (29 lines) 
Synopsis:          Moderate: subscription-manager security, bug fix, and enhancement update

Advisory ID:       SLSA-2016:2592-2

Issue Date:        2016-11-03

CVE Numbers:       CVE-2016-4455

--



* It was found that subscription-manager set weak permissions on files in

/var/lib/rhsm/, causing an information disclosure. A local, unprivileged

user could use this flaw to access sensitive data that could potentially

be used in a social engineering attack. (CVE-2016-4455)

--



SL7

  x86_64

    python-rhsm-1.17.9-1.el7.x86_64.rpm

    python-rhsm-certificates-1.17.9-1.el7.x86_64.rpm

    python-rhsm-debuginfo-1.17.9-1.el7.x86_64.rpm

    subscription-manager-1.17.15-1.el7.x86_64.rpm

    subscription-manager-debuginfo-1.17.15-1.el7.x86_64.rpm

    subscription-manager-gui-1.17.15-1.el7.x86_64.rpm

    subscription-manager-initial-setup-addon-1.17.15-1.el7.x86_64.rpm

    subscription-manager-migration-1.17.15-1.el7.x86_64.rpm

    subscription-manager-plugin-container-1.17.15-1.el7.x86_64.rpm

    subscription-manager-plugin-ostree-1.17.15-1.el7.x86_64.rpm

  noarch

    subscription-manager-migration-data-2.0.31-1.el7.noarch.rpm



- Scientific Linux Development Team

ATOM RSS1 RSS2