Gentoo: GLSA 200909-10 Normal: LMBench Insecure File Risk

Gentoo Linux Security Advisory GLSA 200909-10 https://security.gentoo.org/ Severity: Normal Title: LMBench: Insecure temporary file usage Date: September 09, 2009 Bugs: #246015 ID: 200909-10

Synopsis ======= Multiple insecure temporary file usage issues have been reported in LMBench, allowing for symlink attacks.
Background ========= LMBench is a suite of simple, portable benchmarks for UNIX platforms.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-benchmarks/lmbench <= 3 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.
========== Dmitry E. Oboukhov reported that the rccs and STUFF scripts do not handle "/tmp/sdiff.#####" temporary files securely. NOTE: There might be further occurances of insecure temporary file usage.
Impac...