CVE-2017-15288

Name of the Vulnerable Software and Affected Versions Scala versions 2.10.0 through 2.10.6 Scala versions 2.11.0 through 2.11.11 Scala versions 2.12.0 through 2.12.3

Description The compilation daemon in Scala uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port. This allows local users to write to arbitrary class files and gain privileges.

Recommendations For Scala versions 2.10.0 through 2.10.6, update to version 2.10.7 or later. For Scala versions 2.11.0 through 2.11.11, update to version 2.11.12 or later. For Scala versions 2.12.0 through 2.12.3, update to version 2.12.4 or later.