COMMAND

    printfilter

SYSTEMS AFFECTED

    RedHat

PROBLEM

    base16  found  another  /tmp  vulnerability.   It seems the RedHat
    print filter contains the following lines:

          if [ ${i##*:} = "DONE" ]; then
             if [ "$DEBUG_FILTER" != "" ]; then
               echo "$root -> depth = $depth" >> /tmp/filter.debug
             fi

    Well, this is most certianly  not good because of obvious  symlink
    reasons.  This could  be a major hole  if the filter is  called by
    lpr, which happens to be suid.  Also:

        #
        #   define these to gets lots of feedback
        #   output is appended on /tmp/filter.debug
        #
            DEBUG_TREE=""
            DEBUG_FILTER=""

SOLUTION

    You're safe unless you enable debugging.  When you do, you  should
    be careful though...