openSUSE-SU-2020:1156-1

Опубликовано: 07 авг. 2020

Источник: suse-cvrf

Описание

Security update for python-rtslib-fb

This update for python-rtslib-fb fixes the following issues:

Update to version v2.1.73 (bsc#1173257 CVE-2020-14019):
- version 2.1.73
- save_to_file: fix fd open mode
- saveconfig: copy temp configfile with permissions
- saveconfig: open the temp configfile with modes set
- Fix 'is not' with a literal SyntaxWarning
- Fix an incorrect config path in two comments
- version 2.1.72
- Do not change dbroot after drivers have been registered
- Remove '_if_needed' from RTSRoot._set_dbroot()'s name Replacing old tarball with python-rtslib-fb-v2.1.73.tar.xz

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2

python2-rtslib-fb-2.1.73-lp152.2.3.1

python3-rtslib-fb-2.1.73-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2JAYTWHR6VYW7M5KLVZ2QEMLBDK5TCX4/
E-Mail link for openSUSE-SU-2020:1156-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1173257
SUSE Bug 1173257
https://www.suse.com/security/cve/CVE-2020-14019/
SUSE CVE CVE-2020-14019 page

Описание

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

Затронутые продукты

openSUSE Leap 15.2:python2-rtslib-fb-2.1.73-lp152.2.3.1

openSUSE Leap 15.2:python3-rtslib-fb-2.1.73-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-14019.html
CVE-2020-14019
https://bugzilla.suse.com/1173257
SUSE Bug 1173257

openSUSE-SU-2020:1156-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-14019

Описание

Затронутые продукты

Ссылки