SUSE Package Hub - openSUSE-2021-986

Update Info

openSUSE-2021-986

Security update for inn

Type: security

Severity: important

Issued: 2021-07-08

Description:

This update for inn fixes the following issues:

- CVE-2021-31998: change user to news before calling innupgrade to avoid a "inn" to "root" privilege escalation [boo#1182321]

References

CVE: CVE-2021-31998
Bugzilla: 1182321 VUL-0: CVE-2021-31998: inn: %post calls user owned file, LPE to root

Packages

inn-2.6.2-bp153.3.3.1