The rltropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
{
"binaries": [
{
"binary_name": "lib32readline6",
"binary_version": "6.3-4ubuntu2"
},
{
"binary_name": "lib64readline6",
"binary_version": "6.3-4ubuntu2"
},
{
"binary_name": "libreadline6",
"binary_version": "6.3-4ubuntu2"
},
{
"binary_name": "libx32readline6",
"binary_version": "6.3-4ubuntu2"
},
{
"binary_name": "readline-common",
"binary_version": "6.3-4ubuntu2"
},
{
"binary_name": "rlfe",
"binary_version": "6.3-4ubuntu2"
}
]
}