CVE-2017-7501

Priority
Description
It was found that versions of rpm before 4.13.0.2 use temporary files with
predictable names when installing an RPM. An attacker with the ability to write
to a directory where files will be installed could create symbolic links to
an arbitrary location and modify the content, and possibly the permissions, of
arbitrary files, which could be used for denial of service or possibly
privilege escalation.
Package
Source: rpm (LP Ubuntu Debian)
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): needed
Trusty/esm: needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 18.10 (Cosmic Cuttlefish): needed
Ubuntu 19.04 (Disco Dingo): needed
Ubuntu 19.10 (Eoan): needed

Updated: 2019-04-26 14:24:00 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)