+++ This bug was initially created as a clone of Bug #158997 +++ Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file. http://www.zataz.net/adviso/shtool-05252005.txt php contains shtool in its source.
This issue should also affect FC4
Note that this issue can only be triggered when: a) rebuilding the PHP source RPM b) building a third-party PHP module This issue alone is not worth issuing an update for; it can be deferred until there is a new upstream release or some other more serious issue.
Fixed for FC4 in FEDORA-2005-518. http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00011.html