znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Created gzip tracking bugs for this issue:
Affects: fedora-all [bug 1850890]
This was fixed some 15+ years ago and does not affect current Red Hat Enterprise Linux or Fedora versions.
Created attachment 1698899 [details]
The version of the patch as included in Red Hat Enterprise Linux 5 version of gzip. A subset of it is also included in later gzip version in Red Hat Enterprise Linux 6 and 7.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):