The at-spi2-atk module for GTK+ was found [1],[2] to not handle temporary files in a secure manner. The /tmp/at-spi2/ directory that it uses is world-writable and readable, and uses a predictable hard-coded name. This could lead to symlink attacks, overwriting arbitrary files. This has been fixed in upstream version 2.5.3, via git commit e4f3ee [3]. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678026 [2] https://bugzilla.gnome.org/show_bug.cgi?id=678348 [3] http://git.gnome.org/browse/at-spi2-atk/commit/?id=e4f3ee
Created at-spi2-atk tracking bugs for this issue Affects: fedora-all [bug 841671]
This still affects Fedora 17, but Fedora 18 has a post-fix upstream version.