initscript in setserial 2.17-4 and previous versions uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.
redhat linux 7.1