Felipe Sateler

**Name of the Vulnerable Software and Affected Versions** checkinstall version 1.6.1 installwatch (affected versions not specified) **Description** A race condition exists, allowing local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories. **Recommendations** For checkinstall version 1.6.1, update to a newer version that contains a fix for this issue. For installwatch, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cecilia version 2.0.5 **Description** The issue in Cecilia allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file in lib/prefs.tcl. **Recommendations** For version 2.0.5, consider restricting access to the lib/prefs.tcl file to prevent arbitrary file overwrites until a patch is available.