Paul Szabo discovered that znew, a script included in the gzip package, creates its temporary files without taking precautions to avoid a symlink attack (CAN-2003-0367). gzexe had a similar vulnerability a while ago, CVE-1999-1332. Not yet investigated if this affects RHL or which versions.
The znew in gzip-1.3.3 does not use /tmp files.