VULNERABILITIES / FIXES - May 07, 2013
by Carol~ - 5/7/13 9:24 AM
Red Hat update for subscription-manager
Release Date : 2013-05-07
Criticality level : Less critical
Impact : Spoofing
Where : From remote
Solution Status : Vendor Patch
Operating System : Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 5
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
Red Hat has issued an update for subscription-manager. This fixes a security issue which can be exploited by malicious people to conduct spoofing attacks.
The security issue is caused by the application not properly verifying the server's X.509 certificate when migrating profiles. This can be exploited to e.g. conduct Man-in-the-Middle (MitM) attacks.
Updated packages are available via the Red Hat Network.
Provided and/or discovered by:
The vendor credits Florian Weimer, Red Hat Product Security Team.