| |||||||||||||||||||
Mageia alert MGASA-2012-0164 (groff)
MGASA-2012-0164 Date: July 14th, 2012 Affected releases: 1, 2 Description: Updated groff packages fix security vulnerabilities: contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file (CVE-2009-5044). The contrib/eqn2graph/eqn2graph.sh, contrib/grap2graph/grap2graph.sh, and contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory (CVE-2009-5080). The config.guess, contrib/groffer/perl/groffer.pl, and contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file (CVE-2009-5081). Updated Packages: Mageia 1: groff-1.20.1-6.1.mga1 groff-for-man-1.20.1-6.1.mga1 groff-perl-1.20.1-6.1.mga1 groff-x11-1.20.1-6.1.mga1 groff-doc-1.20.1-6.1.mga1 Mageia 2: groff-1.21-2.1.mga2 groff-for-man-1.21-2.1.mga2 groff-perl-1.21-2.1.mga2 groff-x11-1.21-2.1.mga2 groff-doc-1.21-2.1.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5081 http://lists.fedoraproject.org/pipermail/package-announce... https://bugs.mageia.org/show_bug.cgi?id=6379 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-... (Log in to post comments)
|
|||||||||||||||||||