Security update for python-rtslib-fb SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1156-1 Final 1 1 2020-08-07T04:16:52Z current 2020-08-07T04:16:52Z 2020-08-07T04:16:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-rtslib-fb This update for python-rtslib-fb fixes the following issues: - Update to version v2.1.73 (bsc#1173257 CVE-2020-14019): * version 2.1.73 * save_to_file: fix fd open mode * saveconfig: copy temp configfile with permissions * saveconfig: open the temp configfile with modes set * Fix 'is not' with a literal SyntaxWarning * Fix an incorrect config path in two comments * version 2.1.72 * Do not change dbroot after drivers have been registered * Remove '_if_needed' from RTSRoot._set_dbroot()'s name Replacing old tarball with python-rtslib-fb-v2.1.73.tar.xz This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1156 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2JAYTWHR6VYW7M5KLVZ2QEMLBDK5TCX4/ E-Mail link for openSUSE-SU-2020:1156-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1173257 SUSE Bug 1173257 https://www.suse.com/security/cve/CVE-2020-14019/ SUSE CVE CVE-2020-14019 page openSUSE Leap 15.2 python2-rtslib-fb-2.1.73-lp152.2.3.1 python3-rtslib-fb-2.1.73-lp152.2.3.1 python2-rtslib-fb-2.1.73-lp152.2.3.1 as a component of openSUSE Leap 15.2 python3-rtslib-fb-2.1.73-lp152.2.3.1 as a component of openSUSE Leap 15.2 Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. CVE-2020-14019 openSUSE Leap 15.2:python2-rtslib-fb-2.1.73-lp152.2.3.1 openSUSE Leap 15.2:python3-rtslib-fb-2.1.73-lp152.2.3.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2JAYTWHR6VYW7M5KLVZ2QEMLBDK5TCX4/ https://www.suse.com/security/cve/CVE-2020-14019.html CVE-2020-14019 https://bugzilla.suse.com/1173257 SUSE Bug 1173257