Sean Finney

**Name of the Vulnerable Software and Affected Versions** toolchain-source version 3.0.4 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files created by the tpkg-* scripts. **Recommendations** For toolchain-source version 3.0.4, consider restricting access to the tpkg-* scripts until a patch is available to prevent local users from overwriting arbitrary files.