It was found that fabric, a simple Pythonic remote deployment tool,
used insecure way for creation of temporary files, when uploading
template text files and project files to a remote system. A local attacker
could use this flaw to conduct symlink attacks to upload sensitive
information to remote host or to overwrite certain local system files.
This issue affects the versions of the fabric package, as shipped with
Fedora release of 13, 14, and 15. Please schedule an update, once final
upstream patch known.
Created fabric tracking bugs for this issue
Affects: fedora-all [bug 710465]
The CVE identifier of CVE-2011-2185 has been assigned to this issue: