MGASA-2012-0164
| Date: | July 14th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated groff packages fix security vulnerabilities:
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21
allows local users to overwrite arbitrary files via a symlink
attack on a pdf#####.tmp temporary file (CVE-2009-5044).
The contrib/eqn2graph/eqn2graph.sh, contrib/grap2graph/grap2graph.sh,
and contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff)
1.21 and earlier do not properly handle certain failed attempts to
create temporary directories, which might allow local users to
overwrite arbitrary files via a symlink attack on a file in a
temporary directory (CVE-2009-5080).
The config.guess, contrib/groffer/perl/groffer.pl, and
contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21
and earlier use an insufficient number of X characters in the
template argument to the tempfile function, which makes it easier
for local users to overwrite arbitrary files via a symlink attack
on a temporary file (CVE-2009-5081).
Updated Packages:
Mageia 1:
groff-1.20.1-6.1.mga1
groff-for-man-1.20.1-6.1.mga1
groff-perl-1.20.1-6.1.mga1
groff-x11-1.20.1-6.1.mga1
groff-doc-1.20.1-6.1.mga1
Mageia 2:
groff-1.21-2.1.mga2
groff-for-man-1.21-2.1.mga2
groff-perl-1.21-2.1.mga2
groff-x11-1.21-2.1.mga2
groff-doc-1.21-2.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5081
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081977.html
https://bugs.mageia.org/show_bug.cgi?id=6379
