Comment 3 for bug 634183

Vincent (vincent-redhat-bugs) wrote:

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2199 to
the following vulnerability:

Name: CVE-2010-2199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2199
Assigned: 20100608
Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=125517

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the
metadata of an executable file during replacement of the file in an
RPM package upgrade or deletion of the file in an RPM package removal,
which might allow local users to bypass intended access restrictions
by creating a hard link to a vulnerable file that has a POSIX ACL, a
related issue to CVE-2010-2059.

See bug #598775 for an initial description and comments of this issue. Because
different CVE names were assigned for different, yet related, issues, a
separate bug has been filed for this particular issue.
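The failure mode described in the CVE text above is a property of inodes, not of RPM specifically: a hard link shares the inode, so mode bits, file capabilities and POSIX ACLs set on the original file survive when the package manager unlinks the original and writes a fresh file in its place. The script below is an added illustration, not code from RPM's lib/fsm.c or from this bug; it uses the setuid bit as the observable stand-in for the ACL case (the ACL reset is attempted best-effort through the Linux `system.posix_acl_*` extended attributes, which is an assumption about the platform), and contrasts a naive replace with one that resets the inode's metadata before unlinking, which is the mitigation the CVE wording implies.

```python
import os
import stat
import tempfile


def replace_file_naively(path: str, new_content: bytes) -> None:
    """Unlink and recreate: the old inode keeps its metadata for any other link."""
    os.unlink(path)
    with open(path, "wb") as f:
        f.write(new_content)


def reset_metadata(path: str) -> None:
    """Strip privilege-carrying metadata from the inode before it is abandoned.

    chmod(0) clears setuid/setgid/sticky and all permission bits. POSIX ACLs on
    Linux live in extended attributes; removing them is attempted best-effort
    because not every platform or filesystem exposes them (assumption).
    """
    os.chmod(path, 0)
    for xattr_name in ("system.posix_acl_access", "system.posix_acl_default"):
        try:
            os.removexattr(path, xattr_name)  # Linux-only API, absent elsewhere
        except (OSError, AttributeError):
            pass


def replace_file_safely(path: str, new_content: bytes) -> None:
    """Reset first, then replace, so a surviving hard link carries no privilege."""
    reset_metadata(path)
    replace_file_naively(path, new_content)


def surviving_link_is_setuid(safe: bool) -> bool:
    """Constructed scenario: a setuid file with an extra hard link is replaced.

    Returns True if the leftover hard link still has the setuid bit afterwards.
    """
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "tool")
        kept_link = os.path.join(d, "kept_link")
        with open(target, "wb") as f:
            f.write(b"old executable")
        os.chmod(target, 0o4755)          # setuid root-style bit on the inode
        os.link(target, kept_link)        # second name for the same inode
        if safe:
            replace_file_safely(target, b"new executable")
        else:
            replace_file_naively(target, b"new executable")
        return bool(os.stat(kept_link).st_mode & stat.S_ISUID)


if __name__ == "__main__":
    print("naive replace leaves setuid on the link:", surviving_link_is_setuid(False))
    print("reset-then-replace leaves setuid on the link:", surviving_link_is_setuid(True))
```

The same ordering applies to package removal: reset the metadata, then unlink, because after the unlink the package manager no longer has a path through which it can reach the inode.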