Package name
groff
Date
2013-04-09
Advisory ID
MDVSA-2013:086
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in groff:

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows
local users to overwrite arbitrary files via a symlink attack on a
pdf#####.tmp temporary file (CVE-2009-5044).

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3)
contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff)
1.21 and earlier allow local users to overwrite arbitrary files
via a symlink attack on a gro#####.tmp or /tmp/##### temporary file
(CVE-2009-5079).

The (1) contrib/eqn2graph/eqn2graph.sh,
(2) contrib/grap2graph/grap2graph.sh, and (3)
contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff)
1.21 and earlier do not properly handle certain failed attempts
to create temporary directories, which might allow local users
to overwrite arbitrary files via a symlink attack on a file in a
temporary directory, a different vulnerability than CVE-2004-1296
(CVE-2009-5080).

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3)
contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21
and earlier use an insufficient number of X characters in the template
argument to the tempfile function, which makes it easier for local
users to overwrite arbitrary files via a symlink attack on a temporary
file, a different vulnerability than CVE-2004-0969 (CVE-2009-5081).

The updated packages have been patched to correct these issues.

Updated packages

MBS1 x86_64

 2515f0236cbf74bb49265d665c6e6a80  mbs1/x86_64/groff-1.21-3.2.mbs1.x86_64.rpm
 5c3f53aec7e2af8728391d7d4e85d583  mbs1/x86_64/groff-doc-1.21-3.2.mbs1.x86_64.rpm
 1dd1860c024063f5ba1eaa39c59c0de1  mbs1/x86_64/groff-for-man-1.21-3.2.mbs1.x86_64.rpm
 5114c1d0a28e778686b753e575793f9d  mbs1/x86_64/groff-perl-1.21-3.2.mbs1.x86_64.rpm
 c18d1da7f031fa6890aca29a95c012ae  mbs1/x86_64/groff-x11-1.21-3.2.mbs1.x86_64.rpm 
 3f1690137749a175708575692ae030ee  mbs1/SRPMS/groff-1.21-3.2.mbs1.src.rpm

References