DEBIAN-CVE-2010-2199

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2010-2199

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2010-2199.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2010-2199

Upstream

CVE-2010-2199

Published

2010-06-08T18:30:10Z

Modified

2025-09-18T05:18:19Z

Summary

[none]

Details

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.

References

https://security-tracker.debian.org/tracker/CVE-2010-2199

Affected packages

Debian:11 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}