A buffer overflow flaw was found in Texinfo's texindex command. An attacker
could construct a carefully crafted Texinfo file that could cause texindex
to crash or possibly execute arbitrary code when opened. (CVE-2006-4810)
A flaw was found in the way Texinfo's texindex command creates temporary
files. A local user could leverage this flaw to overwrite files the user
executing texindex has write access to. (CVE-2005-3011)
See RedHat announcement:
Looks like this affects both FC3 and FC4.
-----BEGIN PGP SIGNED MESSAGE-----
CVE-2005-3011 was already patched in the FC3 and FC4 packages,
but I've created updated packages to fix CVE-2006-4810
using the patch from EL4.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
-----END PGP SIGNATURE-----