Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:6269
HistoryAug 31, 2022 - 12:57 p.m.

(RHSA-2022:6269) Moderate: convert2rhel security, bug fix, and enhancement update

2022-08-3112:57:58
access.redhat.com
16
convert2rhel
security fix
bug fix
enhancement
rpm packages
red hat enterprise linux
operating system conversion
activation key
command line
cve-2022-0851
dbus api
rhsm registration
gpg key
ubi repositories
deprecation
parameter option
authentication sources
logging error
rhsm certificate
shim-x64 package
cvss score
references section

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.8%

JSON

The convert2rhel package provides the Convert2RHEL utility, which performs operating system conversion. During the conversion process, Convert2RHEL replaces all RPM packages from the original Linux distribution with their Red Hat Enterprise Linux versions.

Security Fix(es):

  • convert2rhel: Activation key passed via command line by code (CVE-2022-0851)

Bug Fix(es):

  • Using dbus API for RHSM registration to safely pass the activation key
  • Verifying GPG key for UBI repositories

Deprecation:

  • Deprecated -f|--password-from-file parameter option.

Enhancement(s):

  • Checking if a new version of convert2rhel is available
  • Warning if multiple authentication sources are specified
  • Fixed logging error with unavailable RHSM certificate
  • Fixed handling shim-x64 package protection on non-UEFI systems

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchconvert2rhel< 1.0-1.el8convert2rhel-1.0-1.el8.noarch.rpm

Related

redhatcve 1
cve 1
redhat 2
nessus 3
veracode 1
cvelist 1
prion 1
nvd 1
redhatcve
redhatcve
CVE-2022-0851
2022-04-26 16:34:01
cve
cve
CVE-2022-0851
2022-08-29 15:15:09
redhat
redhat
(RHSA-2022:6268) Moderate: convert2rhel security, bug fix, and enhancement update
2022-08-31 12:57:10
(RHSA-2022:6266) Moderate: convert2rhel security update
2022-08-31 12:55:29
nessus
nessus
RHEL 8 : convert2rhel (RHSA-2022:6269)
2024-04-28 00:00:00
RHEL 6 : convert2rhel (RHSA-2022:6266)
2024-04-28 00:00:00
RHEL 7 : convert2rhel (RHSA-2022:6268)
2024-04-28 00:00:00
veracode
veracode
Information Disclosure
2022-10-06 22:47:43
cvelist
cvelist
CVE-2022-0851
2022-08-29 14:03:05
prion
prion
Design/Logic Flaw
2022-08-29 15:15:00
nvd
nvd
CVE-2022-0851
2022-08-29 15:15:09

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.8%

JSON
Related for RHSA-2022:6269
redhatcve1cve1redhat2nessus3veracode1cvelist1prion1nvd1