diff -up hplip-3.11.7/prnt/hpijs/hpcupsfax.cpp.CVE-2011-2722 hplip-3.11.7/prnt/hpijs/hpcupsfax.cpp --- hplip-3.11.7/prnt/hpijs/hpcupsfax.cpp.CVE-2011-2722 2011-07-29 10:21:37.404874641 +0100 +++ hplip-3.11.7/prnt/hpijs/hpcupsfax.cpp 2011-07-29 10:28:10.071298117 +0100 @@ -625,8 +625,15 @@ int send_data_to_stdout(int fromFD) fp = NULL; if (iLogLevel & SAVE_PCL_FILE) { - fp = fopen ("/tmp/hpcupsfax.out", "w"); - system ("chmod 666 /tmp/hpcupsfax.out"); + int fd; + + unlink ("/tmp/hpcupsfax.out"); + fd = open ("/tmp/hpcupsfax.out", O_WRONLY | O_CREAT | O_EXCL, + S_IRUSR | S_IWUSR | S_IRGRP); + if (fd != -1) + { + fp = fdopen (fd, "w"); + } } while ((len = read (fromFD, pTmp, iSize)) > 0)