
CVE-2010-2197

Published: 8 June 2010

rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.

Notes

Author: mdeslaur
Note: rpm spec files can also trivially remove home directories. This isn't an issue worth fixing since it is assumed source rpms are verified before being used, either by using a signed package from a trusted source, or by carefully auditing the spec file. Downgrading to "negligible" and ignoring.

Priority

Negligible

Status

Package: rpm (Launchpad, Ubuntu, Debian)

Release   Status
dapper    Ignored (end of life)
hardy     Ignored (end of life)
jaunty    Ignored (end of life)
karmic    Ignored (end of life)
lucid     Ignored
maverick  Ignored (end of life)
natty     Not vulnerable (4.8.1-6ubuntu1)
oneiric   Not vulnerable
precise   Not vulnerable
upstream  Released (4.8.1-6)