chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time.
Let's try this again. chm2pdf in Fedora 14 is still vulnerable to this. A patch was provided in the Debian bug:
I can't think of a reason not to use it.
Created chm2pdf tracking bugs for this issue
Affects: fedora-all [bug 665494]
I have been able to apply the patch supplied in the bug url given by Vincent. There are two patches present there , one for insecure_temp_dir and other for bashims. I have applied the first one.
Created attachment 472423 [details]
Patch that fixes the insecure temporary file issue
I have applied the patch and here is the spec file and SRPM link
Could you provide a review of the patch provided (in the attachment)?
(In reply to comment #7)
> Could you provide a review of the patch provided (in the attachment)?
The patch in the attachment looked pretty odd, so I looked at the srpm and pulled the patch you had in there. That one looks good (I've just looked, not tested). I would go ahead and submit it.
This flaw was corrected in Fedora 14:
and Fedora 13: