A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.Referenceshttps://access.redhat.com/errata/RHSA-2018:0336https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9595
