CVE-2010-2059 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2059): lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
CVE-2010-2197 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2197): rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.
CVE-2010-2198 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2198): lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
CVE-2010-2199 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2199): lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
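The hard-link behaviour behind CVE-2010-2059, as an added example that is not part of the original report and is not RPM's code: it replaces a setuid file once without and once with a metadata reset on the old inode, and audits for setuid/setgid files that carry more than one link. The file names, the helper functions and the temp-directory scenario are constructed for illustration, and only mode bits are covered (not capabilities, SELinux contexts or ACLs).

```python
import os
import stat
import tempfile

PRIV_BITS = stat.S_ISUID | stat.S_ISGID


def is_privileged(st):
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & PRIV_BITS)


def replace_file(path, new_bytes, strip_first):
    """Replace path as an upgrade does: write a new inode, rename it over the old."""
    old = os.lstat(path)
    if strip_first and is_privileged(old):
        # Hardened step: clear setuid/setgid on the old inode, so every
        # other hard link to it loses the bits too.
        os.chmod(path, stat.S_IMODE(old.st_mode) & ~PRIV_BITS)
    tmp = path + ".new"
    with open(tmp, "wb") as fh:
        fh.write(new_bytes)
    os.chmod(tmp, stat.S_IMODE(old.st_mode))
    os.rename(tmp, path)  # the old inode survives if another link exists


def multiply_linked_privileged(root):
    """Audit: names of setuid/setgid regular files with link count > 1."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            st = os.lstat(os.path.join(dirpath, name))
            if is_privileged(st) and st.st_nlink > 1:
                hits.append(name)
    return sorted(hits)


def demo(strip_first):
    """Constructed scenario in a temp dir, all files owned by the caller."""
    with tempfile.TemporaryDirectory() as d:
        pkg, link = os.path.join(d, "tool"), os.path.join(d, "kept-link")
        with open(pkg, "wb") as fh:
            fh.write(b"old build")
        os.chmod(pkg, 0o4755)
        os.link(pkg, link)  # second name for the same inode
        flagged = multiply_linked_privileged(d)
        replace_file(pkg, b"new build", strip_first)
        with open(link, "rb") as fh:
            return flagged, is_privileged(os.lstat(link)), fh.read()
```

`demo(False)` leaves the extra link pointing at the old content with its setuid bit intact, while `demo(True)` leaves the same old content without the bit; the audit flags both names before the replacement in either case.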
What does any of this have to do with rpm2targz? All of the code quoted comes from app-arch/rpm.
Tracked at https://bugs.launchpad.net/rpm/+bug/634183
Yes, these are all RPM CVEs (and more specifically rpm.org RPM).
Fixed by updating 4.8.0 to 4.8.1. From my understanding of those CVEs other versions in the tree should not be affected. Thanks for reporting the bugs.
Sorry, reopening for security@ to deal with closing
Added to GLSA request with 384967, ready for review.
This issue was resolved and addressed in GLSA 201206-26 at http://security.gentoo.org/glsa/glsa-201206-26.xml by GLSA coordinator Sean Amoss (ackle).