View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-7501 severity important: SUSE including 21 source package names (0.9.1:rpm-4.11.2-16.21.1, 1.0.0:rpm-4.11.2-16.21.1, …), 243 product×package rows across 97 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (97 product lines)): Fixed 159, Known Not Affected 84.
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.