app-arch/rpm2targz: multiple vulnerabilities (CVE-2010-{2059,2197,2198,2199})
Bug #634183 reported by Jeff Johnson
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
RPM | In Progress | Low | Unassigned |
Fedora | Invalid | Medium | |
Gentoo Linux | Confirmed | High | |
Mandriva | Unknown | Medium | |
tags: added: gentoo
tags: added: mandriva
Changed in rpm: milestone: none → 4.8.1
Changed in mandriva: status: Unknown → Confirmed
Changed in gentoo: status: Unknown → Confirmed
Changed in gentoo: importance: Unknown → High
Changed in mandriva: importance: Unknown → Medium
Changed in mandriva: status: Confirmed → Unknown
Changed in fedora: importance: Unknown → Medium
Changed in fedora: status: Unknown → Invalid
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2199 to
the following vulnerability:
Name: CVE-2010-2199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2199
Assigned: 20100608
Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=125517
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the
metadata of an executable file during replacement of the file in an
RPM package upgrade or deletion of the file in an RPM package removal,
which might allow local users to bypass intended access restrictions
by creating a hard link to a vulnerable file that has a POSIX ACL, a
related issue to CVE-2010-2059.
See bug #598775 for an initial description and comments of this issue. Because
different CVE names were assigned for different, yet related, issues, a
separate bug has been filed for this particular issue.
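
An audit for the condition the CVE text describes, as an added example that is not part of the original report or of RPM's code: it lists regular files that have more than one hard link and carry a POSIX ACL, plus setuid/setgid bits to cover the related CVE-2010-2059. The function names and the default `/usr` root are assumptions of this example.

```python
import os
import stat

ACL_XATTR = "system.posix_acl_access"  # Linux xattr that stores a POSIX access ACL

def has_posix_acl(path):
    """True if the file carries a POSIX access ACL (False where xattrs are unsupported)."""
    try:
        return ACL_XATTR in os.listxattr(path, follow_symlinks=False)
    except (OSError, AttributeError):
        return False

def audit_hardlinked_privileged(root):
    """Return sorted (path, reasons, link_count) for multiply linked regular files
    under root that carry setuid/setgid bits or a POSIX ACL."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable
            # Only a second link can keep old metadata alive after a
            # package upgrade or removal, so skip singly linked files.
            if not stat.S_ISREG(st.st_mode) or st.st_nlink < 2:
                continue
            reasons = []
            if st.st_mode & stat.S_ISUID:
                reasons.append("setuid")
            if st.st_mode & stat.S_ISGID:
                reasons.append("setgid")
            if has_posix_acl(path):
                reasons.append("acl")
            if reasons:
                findings.append((path, reasons, st.st_nlink))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr"  # assumed default root
    for path, reasons, nlink in audit_hardlinked_privileged(root):
        print(f"{path}\tlinks={nlink}\t{','.join(reasons)}")
```

A hit is a candidate for review rather than proof of a problem, since the other link may be one the package itself ships; the link count includes links that live outside the scanned root.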