Back to bug 1964114
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Mauro Matteo Cascella | 2021-06-08 14:51:22 UTC | CC | security-response-team | |
| CC | kaycoth, vmugicag | |||
| Blocks | 1964123 | |||
| CC | pmatilai | |||
| Depends On | 1969327, 1969329, 1969328 | |||
| CC | mcascell | |||
| Mauro Matteo Cascella | 2021-06-08 14:52:20 UTC | Comment | 5 | updated |
| Mauro Matteo Cascella | 2021-06-09 09:26:36 UTC | Depends On | 1969800, 1969799, 1969798 | |
| Mauro Matteo Cascella | 2021-06-09 09:27:41 UTC | Summary | EMBARGOED rpm: races with chown/chmod/capabilties calls during installation | EMBARGOED rpm: races with chown/chmod/capabilities calls during installation |
| Mauro Matteo Cascella | 2021-06-28 17:34:58 UTC | Depends On | 1971278, 1971279, 1971281, 1971280 | |
| Doc Text | A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||
| Mauro Matteo Cascella | 2021-06-30 15:04:49 UTC | Summary | EMBARGOED rpm: races with chown/chmod/capabilities calls during installation | EMBARGOED CVE-2021-35938 rpm: races with chown/chmod/capabilities calls during installation |
| Alias | CVE-2021-35938 | |||
| Blocks | 1977372 | |||
| Group | security, qe_staff | |||
| CC | caswilli, ffesti, igor.raits, mjw, packaging-team-maint, pmoravco, vmukhame | |||
| Summary | EMBARGOED CVE-2021-35938 rpm: races with chown/chmod/capabilities calls during installation | CVE-2021-35938 rpm: races with chown/chmod/capabilities calls during installation | ||
| Mauro Matteo Cascella | 2021-06-30 15:21:33 UTC | Depends On | 1977844 | |
| Mauro Matteo Cascella | 2021-07-08 10:20:34 UTC | Comment | 10 | updated |
| Tomas Hoger | 2021-09-16 08:36:42 UTC | Depends On | 2003064 | |
| Tomas Hoger | 2022-04-06 11:57:51 UTC | Depends On | 2070453 | |
| Samantha N. Bueno | 2022-05-12 03:50:58 UTC | CC | sbueno | |
| Igor Raits | 2022-08-30 12:14:15 UTC | CC | igor.raits | |
| Bishop Clark | 2022-11-03 19:12:08 UTC | CC | bishop | |
| Mauro Matteo Cascella | 2022-11-28 11:45:39 UTC | Fixed In Version | rpm 4.18.0 | |
| Mark Wielaard | 2023-01-25 12:31:35 UTC | CC | mjw | |
| Derrick | 2023-05-09 17:36:31 UTC | CC | derrick.roach.ctr | |
| Red Hat Bugzilla | 2023-07-07 08:34:03 UTC | CC | security-response-team | |
| Assignee | security-response-team | nobody |
Back to bug 1964114