ustix has discovered temporary file bugs in gzexe, zdiff and znew which could allow a local user to overwrite arbitrary files by creating specially named symlinks. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139360 http://www.debian.org/security/2004/dsa-588 ------- Additional Comments From rob.myers.edu 2004-11-29 11:53:45 ---- afaict, this does not apply to gzip-1.3.3-11 on fc1. of course that does not explain why redhat is looking at this issue for RHEL3 and RHEL4... i guess i'll keep an eye on any patches that they release. can someone else confirm/deny this? ------- Additional Comments From siegert 2005-01-07 11:12:44 ---- Created an attachment (id=962) CAN-2004-0970 for gzip-1.3.3 This is the only part of the Debian patch that seems to apply to gzip-1.3.3 - if at all. ------- Additional Comments From pekkas 2005-02-15 07:17:37 ---- Hmm. Red Hat has already included a hardened version of the script; from changelogs: * Fri Oct 26 2001 Trond Eivind Glomsr�d <teg> 1.3.0-16 - replace tempfile patches with improved ones solar - Add less to the dependency chain - zless needs it Can anyone check this out? Maybe we can close this as NOTABUG. ------- Additional Comments From marcdeslauriers 2005-03-05 20:11:20 ---- Yep. Confirmed. This was already fixed. ------- Bug moved to this database by dkl 2005-03-30 18:29 ------- This bug previously known as bug 2292 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=2292 Originally filed under the Fedora Legacy product and Package request component. Attachments: CAN-2004-0970 for gzip-1.3.3 https://bugzilla.fedora.us/attachment.cgi?action=view&id=962 Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.