VYPR

rpm package

almalinux/rpm-devel

pkg:rpm/almalinux/rpm-devel

Vulnerabilities (3)

  • CVE-2021-35939 (Aug 26, 2022)
    affected: < 4.16.1.3-27.el9_3; fixed: 4.16.1.3-27.el9_3

    It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges.

  • CVE-2021-35938 (Aug 25, 2022)
    affected: < 4.16.1.3-27.el9_3; fixed: 4.16.1.3-27.el9_3

    A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privile

  • CVE-2021-35937 (Aug 25, 2022)
    affected: < 4.16.1.3-27.el9_3; fixed: 4.16.1.3-27.el9_3

    A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data conf