SUSE Package Hub - openSUSE-2021-845

Update Info

openSUSE-2021-845

Security update for inn

Type: security

Severity: moderate

Issued: 2021-06-07

Description:

This update for inn fixes the following issues:

- CVE-2021-31998: change user to news before calling innupgrade, which could have 
  allow local privilege escalation.
  [boo#1182321]

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

CVE: CVE-2021-31998
Bugzilla: 1182321 VUL-0: CVE-2021-31998: inn: %post calls user owned file, LPE to root

Packages

inn-2.6.2-bp152.2.8.1