The setroubleshoot packages provide tools to help diagnose SELinuxproblems. When AVC messages occur, an alert is generated that givesinformation about the problem, and how to create a resolution.A flaw was found in the way sealert wrote diagnostic messages to atemporary file. A local unprivileged user could perform a symbolic linkattack, and cause arbitrary files, writable by other users, to beoverwritten when a victim runs sealert. (CVE-2007-5495)A flaw was found in the way sealert displayed records from thesetroubleshoot database as unescaped HTML. An local unprivileged attackercould cause AVC denial events with carefully crafted process or file names,injecting arbitrary HTML tags into the logs, which could be used as ascripting attack, or to confuse the user running sealert. (CVE-2007-5496)Additionally, the following bugs have been fixed in these update packages:Users of setroubleshoot are advised to upgrade to these updated packages,which resolve these issues.