RHSA-2013:0788-01 -- Red Hat subscription-manager
ID: oval:org.secpod.oval:def:501052 | Date: (C)2013-05-07 (M)2021-09-11 |
Class: PATCH | Family: unix |
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform. It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server's X.509 certificate when migrating system profiles registered with Red Hat Network Classic to Certificate-based Red Hat Network. An attacker could use this flaw to conduct man-in-the-middle attacks, allowing them to obtain the user's Red Hat Network credentials. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. All users of subscription-manager are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.
Platform: |
Red Hat Enterprise Linux 6 |
Red Hat Enterprise Linux 5 |
Product: |
subscription-manager |