Launchpad.net

CVE 2010-2198

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.

Related bugs and status

CVE-2010-2198 (Candidate) is related to these bugs:

Bug #634183: app-arch/rpm2targz: multiple vulnerabilites (CVE-2010-{2059,2197,2198,2199})

		In	Importance	Status
634183	app-arch/rpm2targz: multiple vulnerabilites (CVE-2010-{2059,2197,2198,2199})	RPM	Low	In Progress
634183	app-arch/rpm2targz: multiple vulnerabilites (CVE-2010-{2059,2197,2198,2199})	Gentoo Linux	High	Confirmed
634183	app-arch/rpm2targz: multiple vulnerabilites (CVE-2010-{2059,2197,2198,2199})	Mandriva	Medium	Unknown
634183	app-arch/rpm2targz: multiple vulnerabilites (CVE-2010-{2059,2197,2198,2199})	Fedora	Medium	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-2198

Related bugs and status

Related bugs

References