CVE-2017-7501

Priority
Description
It was found that versions of rpm before 4.13.0.2 use temporary files with
predictable names when installing an RPM. An attacker with the ability to write
to a directory where files will be installed could create symbolic links to
an arbitrary location and modify the content, and possibly the permissions, of
arbitrary files, which could be used for denial of service or possibly
privilege escalation.
Package
Source: rpm (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): needs-triage
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish): needs-triage
Ubuntu 19.04 (Disco Dingo): needs-triage

Updated: 2018-10-31 20:29:37 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)