+++ This bug was initially created as a clone of Bug #155745 +++ Race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a gzip allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. http://www.securityfocus.com/archive/1/394965
Created attachment 113665 [details] Used patch I fixed this problem in devel (gzip-1.3.5-4). (I changed permissions and ownership before output file is closed.) Ivana Varekova
"CLOSED RAWHIDE" is absolutely of no help to all FC3 installations out there with now a widely known open security issues. There were recent updates for RHEL. See https://rhn.redhat.com/errata/RHSA-2005-357.html Do you propose that everybody should recompile rawhide gzip rpms on their own? Not that hard to do, but ....
fc3 package is built now (gzip-1.3.3-14.fc3).
Sigh! gzip-1.3.5-14.fc3 indeed closes CAN-2005-0988 and CAN-2005-1228 but CAN-2005-0758 (bug 121514) is still there. That bug was fixed in RHEL gzip updates and exactly the same fix showed up in bzgrep from bzip2-1.0.2-13.FC3.1 released yesterday. FC4 gzip packages also do not sport that bug.
fc3 package with CAN-2005-0758 (bug 121514) - patch is built now (gzip-1.3.3-15.fc3).