{"id":"MGASA-2017-0394","summary":"Updated rpm package fixes security vulnerabilities","details":"It was found that rpm did not properly handle RPM installations when a\ndestination path was a symbolic link to a directory, possibly changing\nownership and permissions of an arbitrary directory, and RPM files being\nplaced in an arbitrary destination. An attacker, with write access to a\ndirectory in which a subdirectory will be installed, could redirect that\ndirectory to an arbitrary location and gain root privilege\n(CVE-2017-7500).\n\nIt was found that rpm uses temporary files with predictable names when\ninstalling an RPM. An attacker with ability to write in a directory\nwhere files will be installed could create symbolic links to an\narbitrary location and modify content, and possibly permissions to\narbitrary files, which could be used for denial of service or possibly\nprivilege escalation (CVE-2017-7501).\n","modified":"2026-04-16T01:48:19.739994930Z","published":"2017-10-30T19:23:17Z","upstream":["CVE-2017-7500","CVE-2017-7501"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0394.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21942"},{"type":"WEB","url":"http://rpm.org/wiki/Releases/4.13.0.2"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1450369"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452133"}],"affected":[{"package":{"name":"rpm","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/rpm?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.13.0.2-3.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0394.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}