{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2023 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for inn","title":"Title of the patch"},{"category":"description","text":"This update for inn fixes the following issues:\n\n- change file owners in /usr/lib/news to root [boo#1172573] [CVE-2020-8026]\n\nThis update was imported from the openSUSE:Leap:15.2:Update update project.","title":"Description of the patch"},{"category":"details","text":"openSUSE-2020-1427","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"self","summary":"URL for openSUSE-SU-2020:1427-1","url":"https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html"},{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1427-1.json"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2020:1427-1","url":"https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html"},{"category":"self","summary":"SUSE Bug 1172573","url":"https://bugzilla.suse.com/1172573"},{"category":"self","summary":"SUSE CVE CVE-2020-8026 page","url":"https://www.suse.com/security/cve/CVE-2020-8026/"}],"title":"Security update for inn","tracking":{"current_release_date":"2020-09-14T18:22:40Z","generator":{"date":"2020-09-14T18:22:40Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2020:1427-1","initial_release_date":"2020-09-14T18:22:40Z","revision_history":[{"date":"2020-09-14T18:22:40Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"inn-2.6.2-bp152.2.4.1.aarch64","product":{"name":"inn-2.6.2-bp152.2.4.1.aarch64","product_id":"inn-2.6.2-bp152.2.4.1.aarch64"}},{"category":"product_version","name":"inn-devel-2.6.2-bp152.2.4.1.aarch64","product":{"name":"inn-devel-2.6.2-bp152.2.4.1.aarch64","product_id":"inn-devel-2.6.2-bp152.2.4.1.aarch64"}},{"category":"product_version","name":"mininews-2.6.2-bp152.2.4.1.aarch64","product":{"name":"mininews-2.6.2-bp152.2.4.1.aarch64","product_id":"mininews-2.6.2-bp152.2.4.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"inn-2.6.2-bp152.2.4.1.ppc64le","product":{"name":"inn-2.6.2-bp152.2.4.1.ppc64le","product_id":"inn-2.6.2-bp152.2.4.1.ppc64le"}},{"category":"product_version","name":"inn-devel-2.6.2-bp152.2.4.1.ppc64le","product":{"name":"inn-devel-2.6.2-bp152.2.4.1.ppc64le","product_id":"inn-devel-2.6.2-bp152.2.4.1.ppc64le"}},{"category":"product_version","name":"mininews-2.6.2-bp152.2.4.1.ppc64le","product":{"name":"mininews-2.6.2-bp152.2.4.1.ppc64le","product_id":"mininews-2.6.2-bp152.2.4.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"inn-2.6.2-bp152.2.4.1.s390x","product":{"name":"inn-2.6.2-bp152.2.4.1.s390x","product_id":"inn-2.6.2-bp152.2.4.1.s390x"}},{"category":"product_version","name":"inn-devel-2.6.2-bp152.2.4.1.s390x","product":{"name":"inn-devel-2.6.2-bp152.2.4.1.s390x","product_id":"inn-devel-2.6.2-bp152.2.4.1.s390x"}},{"category":"product_version","name":"mininews-2.6.2-bp152.2.4.1.s390x","product":{"name":"mininews-2.6.2-bp152.2.4.1.s390x","product_id":"mininews-2.6.2-bp152.2.4.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"inn-2.6.2-bp152.2.4.1.x86_64","product":{"name":"inn-2.6.2-bp152.2.4.1.x86_64","product_id":"inn-2.6.2-bp152.2.4.1.x86_64"}},{"category":"product_version","name":"inn-devel-2.6.2-bp152.2.4.1.x86_64","product":{"name":"inn-devel-2.6.2-bp152.2.4.1.x86_64","product_id":"inn-devel-2.6.2-bp152.2.4.1.x86_64"}},{"category":"product_version","name":"mininews-2.6.2-bp152.2.4.1.x86_64","product":{"name":"mininews-2.6.2-bp152.2.4.1.x86_64","product_id":"mininews-2.6.2-bp152.2.4.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Package Hub 15 SP2","product":{"name":"SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2"}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"inn-2.6.2-bp152.2.4.1.aarch64 as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.aarch64"},"product_reference":"inn-2.6.2-bp152.2.4.1.aarch64","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"inn-2.6.2-bp152.2.4.1.ppc64le as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.ppc64le"},"product_reference":"inn-2.6.2-bp152.2.4.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"inn-2.6.2-bp152.2.4.1.s390x as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.s390x"},"product_reference":"inn-2.6.2-bp152.2.4.1.s390x","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"inn-2.6.2-bp152.2.4.1.x86_64 as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.x86_64"},"product_reference":"inn-2.6.2-bp152.2.4.1.x86_64","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"inn-devel-2.6.2-bp152.2.4.1.aarch64 as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.aarch64"},"product_reference":"inn-devel-2.6.2-bp152.2.4.1.aarch64","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"inn-devel-2.6.2-bp152.2.4.1.ppc64le as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.ppc64le"},"product_reference":"inn-devel-2.6.2-bp152.2.4.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"inn-devel-2.6.2-bp152.2.4.1.s390x as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.s390x"},"product_reference":"inn-devel-2.6.2-bp152.2.4.1.s390x","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"inn-devel-2.6.2-bp152.2.4.1.x86_64 as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.x86_64"},"product_reference":"inn-devel-2.6.2-bp152.2.4.1.x86_64","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"mininews-2.6.2-bp152.2.4.1.aarch64 as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.aarch64"},"product_reference":"mininews-2.6.2-bp152.2.4.1.aarch64","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"mininews-2.6.2-bp152.2.4.1.ppc64le as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.ppc64le"},"product_reference":"mininews-2.6.2-bp152.2.4.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"mininews-2.6.2-bp152.2.4.1.s390x as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.s390x"},"product_reference":"mininews-2.6.2-bp152.2.4.1.s390x","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"mininews-2.6.2-bp152.2.4.1.x86_64 as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.x86_64"},"product_reference":"mininews-2.6.2-bp152.2.4.1.x86_64","relates_to_product_reference":"SUSE Package Hub 15 SP2"}]},"vulnerabilities":[{"cve":"CVE-2020-8026","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-8026"}],"notes":[{"category":"general","text":"A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.","title":"Vulnerability description"}],"product_status":{"fixed":["SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.aarch64","SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.ppc64le","SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.s390x","SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.x86_64","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.aarch64","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.ppc64le","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.s390x","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.x86_64","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.aarch64","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.ppc64le","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.s390x","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-8026","url":"https://www.suse.com/security/cve/CVE-2020-8026"},{"category":"external","summary":"SUSE Bug 1172573 for CVE-2020-8026","url":"https://bugzilla.suse.com/1172573"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.aarch64","SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.ppc64le","SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.s390x","SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.x86_64","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.aarch64","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.ppc64le","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.s390x","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.x86_64","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.aarch64","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.ppc64le","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.s390x","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.aarch64","SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.ppc64le","SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.s390x","SUSE Package Hub 15 SP2:inn-2.6.2-bp152.2.4.1.x86_64","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.aarch64","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.ppc64le","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.s390x","SUSE Package Hub 15 SP2:inn-devel-2.6.2-bp152.2.4.1.x86_64","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.aarch64","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.ppc64le","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.s390x","SUSE Package Hub 15 SP2:mininews-2.6.2-bp152.2.4.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-09-14T18:22:40Z","details":"important"}],"title":"CVE-2020-8026"}]}