Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Fedora 26 RPM Critical Privilege Escalation Patch FEDORA-2017-9232eac8e8

fedora
Calendar Grey November 7, 2017
Scroller Fedora Esm H88
Fedora 26 releases critical RPM patches addressing privilege escalations related to symlink handling.
This latest stable release on rpm 4.13.x branch brings in several important bugfixes

Summary

The RPM Package Manager (RPM) is a powerful command line driven

package management system capable of installing, uninstalling,

verifying, querying, and updating software packages. Each software

package consists of an archive of files along with information about

the package like its version, a description, etc.

This latest stable release on rpm 4.13.x branch brings in several important

bugfixes. For details see release notes at

http://rpm.org/wiki/Releases/4.13.0.2.

[ 1 ] Bug #1467375 - CVE-2017-7501 rpm: Following symlinks to files when installing packages allows privilege escalation [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1467375

[ 2 ] Bug #1467374 - CVE-2017-7500 rpm: Following symlinks to directories when installing packages allows privilege escalation [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1467374

su -c 'dnf upgrade rpm' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 26
Version: 4.13.0.2
Release: 1.fc26
Summary: The RPM package management system

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.