COMMAND

    rpm

SYSTEMS AFFECTED

    RedHat Linux

PROBLEM

    Savochkin Andrey found a security-related bug in RPM.  RPM (RedHat
    package manager) has a command-line option to fix file permissions
    and ownership according to those recorded in the package database.

    Unfortunately, the implementation of this option is buggy.  The bug
    can change the permissions of certain files to 0777 (that is,
    writable by everyone).

SOLUTION

    All RPM users are advised not to run "rpm --setperms" or
    "rpm --setugids".  This is fixed in RPM 2.4.11, which is now
    available from:

        ftp.redhat.com:/updates/4.2

    and

        ftp.redhat.com:/updates/5.0
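
    An added check, not part of the original advisory: the shell
    function below reads file records in the layout printed by
    "rpm -qa --dump" and reports files that are mode 0777 on disk while
    the package database records a different mode.  The function name
    find_widened and its optional root-prefix argument are assumptions
    made for this example; paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: flag files that are mode 0777 on disk although the package
# database records a different mode.
#
# Input (stdin): lines in the layout printed by "rpm -qa --dump":
#   path size mtime digest mode owner group isconfig isdoc rdev symlink
# Assumption: paths contain no whitespace (the layout is space-separated).
#
# $1 (optional, hypothetical parameter): root prefix prepended to every path,
# so the check can run against a mounted image instead of the live system.
#
# Typical use on a live system:  rpm -qa --dump | find_widened

find_widened() {
    root="${1:-}"
    while read -r path size mtime digest mode rest; do
        # Skip short or empty lines that carry no mode field.
        [ -n "$mode" ] || continue
        file="$root$path"
        # Symlinks always show 0777, so they are not evidence of the bug.
        [ -L "$file" ] && continue
        # Files listed in the database but absent on disk are skipped.
        [ -e "$file" ] || continue
        actual=$(stat -c '%a' "$file") || continue
        # The recorded mode is octal and includes the file-type bits
        # (e.g. 0100644); keep the last four digits, drop leading zeros.
        recorded=$(printf '%s' "$mode" | sed 's/.*\(....\)$/\1/;s/^0*//')
        # Report only files that are 0777 now but were not packaged that way.
        if [ "$actual" = "777" ] && [ "$recorded" != "777" ]; then
            printf '%s recorded=%s actual=%s\n' "$path" "$recorded" "$actual"
        fi
    done
}
```

    Each reported line names a file whose mode should be reviewed and
    reset by hand to the recorded value.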