Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2533 to the following vulnerability: The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2533 [2] http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2 Upstream patch: [3] http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=4df3e187b482a2bf2230c36c4b1c7bc4d439d51a
Statement: This issue is compile-time only and does not affect binary dbus packages, shipped in Red Hat Enterprise Linux 5 and 6. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 5 and 6.