Red Hat Bugzilla – Bug 841670
CVE-2012-3378 at-spi2-atk: insecure temporary file handling
Last modified: 2015-03-03 05:15:31 EST
The at-spi2-atk module for GTK+ was found to not handle temporary files in a secure manner. The /tmp/at-spi2/ directory that it uses is world-writable and readable, and uses a predictable hard-coded name. This could lead to symlink attacks, overwriting arbitrary files.
This has been fixed in upstream version 2.5.3, via git commit e4f3ee.
Created at-spi2-atk tracking bugs for this issue
Affects: fedora-all [bug 841671]
This still affects Fedora 17, but Fedora 18 has a post-fix upstream version.
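
A defensive pattern for the class of problem described in this report, given as an added example that is not taken from the report or from the upstream commit: create the directory with mode 0700, refuse a symlink or a directory that is owned by another user or accessible to group/other, and create files relative to the verified descriptor. The helper names `open_private_dir` and `create_private_file` and the sample path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create (or re-use) a directory that only the calling
 * user can access. Returns a directory fd, or -1 if the path is unsafe. */
int open_private_dir(const char *path)
{
    struct stat st;
    /* mkdir() never follows a symlink at the final component; an existing
     * entry is accepted only if it passes the checks below. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW rejects a symlink planted under the predictable name. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* fstat() the descriptor, not the path, so check and use cannot diverge. */
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Hypothetical helper: create a new file inside the verified directory.
 * O_EXCL fails on any pre-existing entry, including a symlink. */
int create_private_file(int dirfd, const char *name)
{
    return openat(dirfd, name,
                  O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

int main(void)
{
    char base[] = "/tmp/private-dir-demo-XXXXXX"; /* constructed sample path */
    if (mkdtemp(base) == NULL)
        return 1;
    int dirfd = open_private_dir(base);
    int fd = dirfd >= 0 ? create_private_file(dirfd, "socket-info") : -1;
    printf("%s: %s\n", base, fd >= 0 ? "created privately" : "refused");
    return fd >= 0 ? 0 : 1;
}
```

A world-writable directory or a symlink at the expected path makes `open_private_dir` return -1, so the caller fails closed instead of writing through an attacker-controlled path.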