| Summary: | scala new security issue CVE-2017-15288 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Zombie Ryushu <zombie_ryushu> |
| Component: | Security | Assignee: | Mageia Bug Squad <bugsquad> |
| Status: | RESOLVED DUPLICATE | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | 7 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://nvd.nist.gov/vuln/detail/CVE-2017-15288 | ||
| Whiteboard: | |||
| Source RPM: | scala-2.10.6-4.mga7.noarch | CVE: | CVE-2017-15288 |
| Status comment: | |||
|
Zombie Ryushu
2020-12-04 23:10:40 CET
CVE:
(none) =>
CVE-2017-15288
Zombie Ryushu
2020-12-04 23:11:02 CET
Version:
Cauldron =>
7 |
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.