rpm package
suse/rpm&distro=SUSE Linux Enterprise Software Development Kit 12 SP4
pkg:rpm/suse/rpm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7500 | Hig | 7.3 | < 4.11.2-16.21.1 | 4.11.2-16.21.1 | Aug 13, 2018 | It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write acces | |
| CVE-2017-7501 | Hig | 7.8 | < 4.11.2-16.21.1 | 4.11.2-16.21.1 | Nov 22, 2017 | It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibl |
- affected < 4.11.2-16.21.1fixed 4.11.2-16.21.1
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write acces
- affected < 4.11.2-16.21.1fixed 4.11.2-16.21.1
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibl