DEBIAN-CVE-2010-2198

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2010-2198

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2010-2198.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2010-2198

Upstream

CVE-2010-2198

Published

2010-06-08T18:30:10Z

Modified

2025-09-17T21:02:15Z

Summary

[none]

Details

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.

References

https://security-tracker.debian.org/tracker/CVE-2010-2198

Affected packages

Debian:11 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}