CVE-2010-2059

NameCVE-2010-2059
Descriptionlib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs584257

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rpm (PTS)jessie4.11.3-1.1fixed
stretch4.12.0.2+dfsg1-2fixed
buster4.14.2.1+dfsg1-1fixed
bullseye4.16.1.2+dfsg1-3fixed
bookworm4.18.0+dfsg-1+deb12u1fixed
sid, trixie4.20.0+dfsg-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rpmsource(unstable)4.8.1-1unimportant584257

Notes

Marking as unimportant since rpm isn't used as a package manager

Search for package or bug name: Reporting problems