Paul Szabo discovered that znew, a script included in the gzip
package, creates its temporary files without taking precautions to
avoid a symlink attack (CAN-2003-0367). gzexe had a similar
vulnerability a while ago, CVE-1999-1332.
Not yet investigated if this affects RHL or which versions.
The znew in gzip-1.3.3 does not use /tmp files.