A security hole was discovered in the GNU make package version 3.77-44 distributed with SuSE 6.1 and 6.3. If Makefile contents are fed in via stdin, files will be created in /tmp without checking if there is a symbolic link with the same name. Implications are command execution as the user running make. Other distributions are also affected. SuSE security site here.
ea08e1d1f74ae57dec28f0224d6ad7a4b1254790603ed556b334ded009d41465