+++ This bug was initially created as a clone of Bug #165606 +++ Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. The script must be manually invoked. The script uses known filenames in /tmp which allow an local attacker to overwrite files writeable by the user invoking the conversion script. This issue should also affect FC3 -- Additional comment from bressers on 2005-08-10 14:59 EST -- Created an attachment (id=117621) Proposed upstream patch -- Additional comment from than on 2005-08-10 16:25 EST -- it's now fixed in kdeedu-3.4.2-0.fc4.2 (FC4) and kdeedu-3.4.2-0.fc3.2 (FC3) -- Additional comment from mjc on 2005-10-25 07:48 EST -- FEDORA-2005-745 FEDORA-2005-744
This issue currently only affects RHL7.3, RHL9, FC1, & FC2.
Fedora Legacy project has ended. These will not be fixed by Fedora Legacy.