It was found that fabric, a simple Pythonic remote deployment tool, used an insecure way of creating temporary files when uploading template text files and project files to a remote system. A local attacker could use this flaw to conduct symlink attacks to upload sensitive information to a remote host or to overwrite certain local system files.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629003

CVE Request:
[2] http://www.openwall.com/lists/oss-security/2011/06/03/5
This issue affects the versions of the fabric package as shipped with Fedora releases 13, 14, and 15. Please schedule an update once the final upstream patch is known.
Created fabric tracking bugs for this issue.

Affects: fedora-all [bug 710465]
The CVE identifier of CVE-2011-2185 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2011/06/06/12
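
The class of flaw described in this report, shown as an added example that is not part of the bug report and is not fabric's own code: a writer that opens a fixed temporary path follows a symlink already planted there, while exclusive creation or tempfile.mkstemp does not. The file names, the scratch directory and all function names are constructed for illustration.

```python
import os
import tempfile


def write_predictable(path, data):
    """Unsafe pattern: open() follows a symlink already present at `path`."""
    with open(path, "w") as fh:
        fh.write(data)


def write_exclusive(path, data):
    """Hardened: O_CREAT|O_EXCL fails on any existing entry, symlinks included."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def write_mkstemp(directory, data):
    """Preferred: unpredictable name, created exclusively with mode 0600."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="upload-")
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def read_text(path):
    with open(path) as fh:
        return fh.read()


def demo():
    """Constructed scenario, confined to a private scratch directory."""
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.conf")        # stands in for a local file
        predictable = os.path.join(scratch, "rendered.tmp")  # hypothetical fixed temp name
        write_predictable(victim, "original")
        os.symlink(victim, predictable)  # link already in place before the tool runs
        try:
            write_exclusive(predictable, "template output")
            results["exclusive_blocked"] = False
        except FileExistsError:
            results["exclusive_blocked"] = True
        results["victim_after_exclusive"] = read_text(victim)
        fresh = write_mkstemp(scratch, "template output")
        results["mkstemp_is_symlink"] = os.path.islink(fresh)
        results["mkstemp_mode"] = oct(os.stat(fresh).st_mode & 0o777)
        write_predictable(predictable, "template output")  # follows the link
        results["victim_after_predictable"] = read_text(victim)
    return results
```

Calling demo() on a POSIX system returns a dictionary showing that only the fixed-path writer modified the linked file.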