4.102. subscription-manager

Updated subscription-manager packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.
The Subscription Manager tool allows users to understand the specific products which have been installed on their machines, and the specific subscriptions which their machines are consuming.


The subscription-manager package has been upgraded to upstream version 1.8.22-1, which provides a number of bug fixes and enhancements over the previous version. Namely, this rebase addresses a number of usability issues, makes the client faster, and gives users a more consistent experience among Red Hat Enterprise Linux releases. (BZ#963413)

Bug Fixes

Previously, several options were missing from the migration script, which prevented the user from migrating from RHN Classic to certificate-based Subscription Management. To fix this bug, the missing options have been added to the script, and the user can now migrate flawlessly.
Prior to this update, the parameter-parsing code updated the configuration every time the "--insecure" option was present. Consequently, the "--insecure" option always overwrote the configuration value. Persisting the insecure value is now delayed until after the command completes, which fixes the bug.
Previously, the repolist command did not accept the "--proxy" option, which hindered listing repositories using the HTTP proxy server. To fix this bug, the "--proxy" option has been added to the repolist command. The user can now list their repositories while also specifying their HTTP proxy server connection.
Prior to this update, confusing error messages were displayed when the user's identity certificate expired. With this update, a proper message has been added. The users can now see when their identity certificates expire.
Previously, a systemd script was missing which prevented the systemctl utility from starting the rhsmcertd daemon. Systemd-style initialization scripts for rhsmcertd have been added. As a result, rhsmcertd can now be started successfully using systemctl.
Due to the incorrectly placed ca_cert_dir configuration entry in the /etc/rhsm/rhsm.conf file, interpolation problems occurred. To fix this bug, the ca_cert_dir configuration line has been moved from the [server] section into the [rhsm] section, keeping the same functionality as in previous versions.
Previously, the firstboot utility displayed unnecessary and confusing error messages to the user. To fix this bug, the content of the messages has been changed to inform the user clearly and effectively.
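The "--insecure" and ca_cert_dir fixes above both concern /etc/rhsm/rhsm.conf. The following added example (not code from subscription-manager) assumes the file follows Python configparser-style %(name)s interpolation; it shows why a ca_cert_dir entry left in [server] cannot be resolved from [rhsm], and it flags a persisted insecure value. The repo_ca_cert line, the meaning given to insecure = 1, the hostname, and both sample files are assumptions constructed for illustration.

```python
import configparser

# Constructed sample files (not taken from a real host).
OLD_LAYOUT = """\
[server]
hostname = subscription.example.com
insecure = 1
ca_cert_dir = /etc/rhsm/ca/

[rhsm]
repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
"""

FIXED_LAYOUT = """\
[server]
hostname = subscription.example.com
insecure = 0

[rhsm]
ca_cert_dir = /etc/rhsm/ca/
repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
"""


def audit_rhsm_conf(text):
    """Return a list of findings for the text of one rhsm.conf file."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    findings = []
    if cfg.has_option("server", "ca_cert_dir"):
        findings.append("ca_cert_dir is in [server]; it belongs in [rhsm]")
    # %(name)s resolves only within the same section (or [DEFAULT]), so
    # every [rhsm] value is read once to surface unresolved references.
    for key in (cfg.options("rhsm") if cfg.has_section("rhsm") else []):
        try:
            cfg.get("rhsm", key)
        except configparser.InterpolationMissingOptionError as exc:
            findings.append(f"[rhsm] {key}: cannot resolve %({exc.reference})s")
    # Assumption: insecure = 1 turns off server certificate verification.
    if cfg.getboolean("server", "insecure", fallback=False):
        findings.append("[server] insecure is set; certificate checks are off")
    return findings


if __name__ == "__main__":
    for name, body in (("old", OLD_LAYOUT), ("fixed", FIXED_LAYOUT)):
        print(name, audit_rhsm_conf(body) or "no findings")
```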


Enhancements

Subscription Manager can now be configured to not upload package profile data by setting the "report_package_profile = 1" configuration option in the /etc/rhsm/rhsm.conf file.
The hasNow() function has been removed as it was deprecated and no longer useful for the users.
All users of subscription-manager are advised to upgrade to these updated packages, which provide these bug fixes and add these enhancements.

Updated subscription-manager packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link associated with the description below.
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform.

Security Fix

It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server's X.509 certificate when migrating system profiles registered with Red Hat Network Classic to Certificate-based Red Hat Network. An attacker could use this flaw to conduct man-in-the-middle attacks, allowing them to obtain the user's Red Hat Network credentials.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
All users of subscription-manager are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.