Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file. http://www.zataz.net/adviso/shtool-05252005.txt openldap contains shtool in its source.
Note that this issue can only be triggered when: a) rebuilding the PHP source RPM; b) building a third-party PHP module. Proposing for inclusion in U2.
*** Bug 158997 has been marked as a duplicate of this bug. ***
Yes, we'll just include this in either U2 or our next security update. No need to roll new packages just for this.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-564.html
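
The temporary-file pattern named in the report (a PID-derived `.shtool.$$` name opened with a plain redirect), shown beside two hardened forms. This is an added example, not code from shtool or from the Red Hat erratum. The function names, the scratch directory and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: predictable vs. exclusive temp-file creation.
# All function names and file contents are hypothetical.

# Pattern from the report: the name is derived from the PID and opened with a
# plain '>', which follows a link already present at that path.
predictable_tmp() {
    dir=$1
    tmp="$dir/.shtool.$$"
    echo "scratch data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened: mktemp picks an unpredictable name and creates it exclusively.
safe_tmp() {
    dir=$1
    tmp=$(mktemp "$dir/.shtool.XXXXXXXXXX") || return 1
    echo "scratch data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Fallback without mktemp: noclobber (set -C) makes '>' refuse an existing path.
excl_tmp() {
    dir=$1
    tmp="$dir/.shtool.$$"
    ( set -C; echo "scratch data" > "$tmp" ) 2>/dev/null || return 1
    printf '%s\n' "$tmp"
}

# Regression check: returns 0 if creator "$1" leaves a file untouched when a
# link to it already sits at the predictable name (private scratch dir only).
survives_planted_link() {
    creator=$1
    scratch=$(mktemp -d) || return 2
    echo "important" > "$scratch/victim"
    ln -s "$scratch/victim" "$scratch/.shtool.$$"
    "$creator" "$scratch" >/dev/null 2>&1
    content=$(cat "$scratch/victim")
    rm -rf "$scratch"
    [ "$content" = "important" ]
}

for f in predictable_tmp safe_tmp excl_tmp; do
    if survives_planted_link "$f"; then echo "$f: target intact"
    else echo "$f: target overwritten"; fi
done
```

The same check can be run against any build script that writes scratch files into a shared or world-writable directory.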