bash# rpm -qf /usr/bin/mktexlsr
tetex-1.0.7-7

This program handles temporary files insecurely. If the file /var/lib/texmf/ls-R doesn't exist (as it won't in a new install, or if the file hasn't been accessed in 90 days; /etc/cron.daily/tetex.cron cleans the directory, although the comment claims it will be 10 days. Comments should be kept consistent with reality, otherwise there is no point in them being there.), and if LPRng is installed, an exploit can be run that will allow changing the configuration of the printer daemon.

As this program is executed by LPRng it is possible to gain access with whatever perms the daemon runs with. (This (at time of writing) included all the groups root is in, due to the daemon failing to drop permissions properly (bugzilla id 43341).)
In rawhide's tetex-1.0.7-18 package is the following patch, which closes a lot of temporary file handling problems.
Created attachment 20173: Fix temporary file handling in tetex scripts
Is there going to be an errata release? Or is this just going to lie about being exploitable forever?