Red Hat Security Advisory 2013-0686-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script automatically creates an RPM of the internal subscription service CA certificate. However, this RPM incorrectly created the CA certificate with file permissions of 0666. This allowed other users on a client system to modify the CA certificate used to trust the remote subscription server. All administrators are advised to update and deploy the subscription service certificate on all systems which use Subscription Asset Manager as their subscription service.
0963c8e1d61d8ac6df642de01a0698f0b64aa8bfa0d30d87859ee165ddb3111bRed Hat Security Advisory 2013-0547-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. It provides self-service computing resources to users in a managed, governed, and secure way. CloudForms System Engine can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments. It was found that the "/usr/share/katello/script/katello-generate-passphrase" utility, which is run during the installation and configuration process, set world-readable permissions on the "/etc/katello/secure/passphrase" file. A local attacker could use this flaw to obtain the passphrase for Katello, giving them access to information they would otherwise not have access to.
339740d9406c3350301caab4ada52a15b3430be5af36a984271eda01e623b9b6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed