Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Updated packages to correct this issue are available along with our advisory:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.