Security update for inn SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1427-1 Final 1 1 2020-09-14T18:22:40Z current 2020-09-14T18:22:40Z 2020-09-14T18:22:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for inn This update for inn fixes the following issues: - change file owners in /usr/lib/news to root [boo#1172573] [CVE-2020-8026] This update was imported from the openSUSE:Leap:15.2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1427 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html E-Mail link for openSUSE-SU-2020:1427-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1172573 SUSE Bug 1172573 https://www.suse.com/security/cve/CVE-2020-8026/ SUSE CVE CVE-2020-8026 page SUSE Package Hub 15 SP2 inn-2.6.2-bp152.2.4.1 inn-devel-2.6.2-bp152.2.4.1 mininews-2.6.2-bp152.2.4.1 inn-2.6.2-bp152.2.4.1 as a component of SUSE Package Hub 15 SP2 inn-devel-2.6.2-bp152.2.4.1 as a component of SUSE Package Hub 15 SP2 mininews-2.6.2-bp152.2.4.1 as a component of SUSE Package Hub 15 SP2 A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. CVE-2020-8026 SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1 SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1 SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html https://www.suse.com/security/cve/CVE-2020-8026.html CVE-2020-8026 https://bugzilla.suse.com/1172573 SUSE Bug 1172573