Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6209 to the following vulnerability:

difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

References:
http://www.zsh.org/mla/workers/2007/msg01060.html
http://www.zsh.org/mla/workers/2007/msg01065.html
http://www.zsh.org/mla/workers/2007/msg01066.html
https://bugs.gentoo.org/show_bug.cgi?id=201022

Not vulnerable. These issues did not affect the versions of the zsh package as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
It's worth noting that even the 4.3.4 version of zsh we ship in Fedora is also not vulnerable, as we don't ship that Perl script (looks like an add-on).