Package name
groff
Date
2013-04-09
Advisory ID
MDVSA-2013:085
Affected versions
MES5 i586, MES5 x86_64

Problem description

Multiple vulnerabilities have been found and corrected in groff:

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows
local users to overwrite arbitrary files via a symlink attack on a
pdf#####.tmp temporary file (CVE-2009-5044).

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3)
contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff)
1.21 and earlier allow local users to overwrite arbitrary files
via a symlink attack on a gro#####.tmp or /tmp/##### temporary file
(CVE-2009-5079).

The (1) contrib/eqn2graph/eqn2graph.sh,
(2) contrib/grap2graph/grap2graph.sh, and (3)
contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff)
1.21 and earlier do not properly handle certain failed attempts
to create temporary directories, which might allow local users
to overwrite arbitrary files via a symlink attack on a file in a
temporary directory, a different vulnerability than CVE-2004-1296
(CVE-2009-5080).

The updated packages have been patched to correct these issues.
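
All three entries above come down to a shell script writing to a predictable name in a shared temporary directory, or continuing after a temporary directory could not be created. The following added example, which is not groff's code or the Mandriva patch, shows a fail-closed pattern for the same job; the function names `make_workdir`, `write_new_file` and `selfcheck` are hypothetical, and `mktemp` is assumed to be installed.

```shell
#!/bin/sh
# Added example: fail-closed temporary files for a shell script.
# Function names are hypothetical; this is not groff's patched code.
# Assumes mktemp(1) is available (not POSIX, but present on Linux and the BSDs).

# Create a private working directory (mode 0700, random suffix). If creation
# fails, return non-zero so the caller stops instead of carrying on with a
# guessable path. The CVE-2009-5080 entry concerns failed directory creation
# that is not handled properly.
make_workdir() {
    base=${TMPDIR:-/tmp}
    dir=$(mktemp -d "$base/example.XXXXXXXXXX") || return 1
    # Defence in depth: the result must be a real directory, not a symlink.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        return 1
    fi
    printf '%s\n' "$dir"
}

# Write stdin to a new file. With noclobber (set -C) the redirection fails
# if the name already exists as a regular file or as a symlink to one, so an
# existing file is never truncated through a pre-planted link.
write_new_file() {
    ( set -C; cat > "$1" ) 2>/dev/null
}

# Self-check on constructed data inside a private directory.
selfcheck() {
    work=$(make_workdir) || return 1
    rc=0
    printf 'original\n' > "$work/keep.txt"       # constructed existing file
    ln -s "$work/keep.txt" "$work/out.tmp"       # constructed pre-existing link
    # The write through the link must be refused ...
    if printf 'new\n' | write_new_file "$work/out.tmp"; then rc=1; fi
    # ... and the linked file must be unchanged.
    [ "$(cat "$work/keep.txt")" = "original" ] || rc=1
    # A fresh name in the private directory works normally.
    printf 'new\n' | write_new_file "$work/fresh.tmp" || rc=1
    [ "$(cat "$work/fresh.tmp")" = "new" ] || rc=1
    rm -rf "$work"
    return "$rc"
}

selfcheck && echo "selfcheck passed"
```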

Updated packages

MES5 i586

 8aba0ff61c017d1c994ed5050891a82a  mes5/i586/groff-1.19.1-12.1mdvmes5.2.i586.rpm
 03e9c6c5e5d664626134b4f76fb63208  mes5/i586/groff-for-man-1.19.1-12.1mdvmes5.2.i586.rpm
 0022b4ead2f298880a470f1c102bd2be  mes5/i586/groff-gxditview-1.19.1-12.1mdvmes5.2.i586.rpm
 46d6db989c131234eba38ab967f87884  mes5/i586/groff-perl-1.19.1-12.1mdvmes5.2.i586.rpm 
 04a7b612a6b8ac86a00d4312e495f608  mes5/SRPMS/groff-1.19.1-12.1mdvmes5.2.src.rpm

MES5 x86_64

 d1519acc803ead88290db5da6b1795c9  mes5/x86_64/groff-1.19.1-12.1mdvmes5.2.x86_64.rpm
 969cb6ced3a1d3a21d454256ea136f61  mes5/x86_64/groff-for-man-1.19.1-12.1mdvmes5.2.x86_64.rpm
 51877be8460781a183eb35f8f79ef2b2  mes5/x86_64/groff-gxditview-1.19.1-12.1mdvmes5.2.x86_64.rpm
 7118c0e6aa623f8ac96b943213b3ff94  mes5/x86_64/groff-perl-1.19.1-12.1mdvmes5.2.x86_64.rpm 
 04a7b612a6b8ac86a00d4312e495f608  mes5/SRPMS/groff-1.19.1-12.1mdvmes5.2.src.rpm

References