Candidate: CVE-2017-7501
PublicDate: 2017-11-22 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501
 https://bugzilla.redhat.com/show_bug.cgi?id=1452133
Description:
 It was found that versions of rpm before 4.13.0.2 use temporary files with
 predictable names when installing an RPM. An attacker with ability to write
 in a directory where files will be installed could create symbolic links to
 an arbitrary location and modify content, and possibly permissions to
 arbitrary files, which could be used for denial of service or possibly
 privilege escalation.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_rpm:
Tags_rpm: universe-binary
upstream_rpm: needed
precise/esm_rpm: ignored (end of ESM support, was needed)
trusty_rpm: ignored (reached end-of-life)
trusty/esm_rpm: needed
vivid/ubuntu-core_rpm: DNE
xenial_rpm: ignored (end of standard support, was needed)
yakkety_rpm: ignored (reached end-of-life)
zesty_rpm: ignored (reached end-of-life)
artful_rpm: ignored (reached end-of-life)
bionic_rpm: not-affected (4.14.1+dfsg1-2)
cosmic_rpm: ignored (reached end-of-life)
disco_rpm: ignored (reached end-of-life)
eoan_rpm: ignored (reached end-of-life)
focal_rpm: not-affected (4.14.2.1+dfsg1-1build2)
groovy_rpm: not-affected (4.14.2.1+dfsg1-1.1)
hirsute_rpm: not-affected (4.16.1.2+dfsg1-0.6)
impish_rpm: not-affected (4.16.1.2+dfsg1-0.6)
jammy_rpm: not-affected (4.16.1.2+dfsg1-0.6)
devel_rpm: not-affected (4.16.1.2+dfsg1-0.6)