main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command.
Created tinyproxy tracking bugs for this issue:
Affects: epel-all [bug 1476704]
Affects: fedora-all [bug 1476703]
Upstream patch: https://github.com/tinyproxy/tinyproxy/pull/120
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.