Описание
Security update for inn
This update for inn fixes the following issues:
- CVE-2021-31998: change user to news before calling innupgrade, which could have allow local privilege escalation. [boo#1182321]
Список пакетов
openSUSE Leap 15.2
inn-2.6.2-lp152.2.6.1
inn-devel-2.6.2-lp152.2.6.1
mininews-2.6.2-lp152.2.6.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0830-1
- SUSE Security Ratings
- SUSE Bug 1182321
- SUSE CVE CVE-2021-31998 page
Описание
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
Затронутые продукты
openSUSE Leap 15.2:inn-2.6.2-lp152.2.6.1
openSUSE Leap 15.2:inn-devel-2.6.2-lp152.2.6.1
openSUSE Leap 15.2:mininews-2.6.2-lp152.2.6.1
Ссылки
- CVE-2021-31998
- SUSE Bug 1182321
- SUSE Bug 1189836