VYPR

rpm package

suse/rpm&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4

pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Vulnerabilities (2)

  • CVE-2017-7500HigAug 13, 2018
    affected < 4.11.2-16.21.1fixed 4.11.2-16.21.1

    It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write acces

  • CVE-2017-7501HigNov 22, 2017
    affected < 4.11.2-16.21.1fixed 4.11.2-16.21.1

    It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibl