Bugzilla – Bug 703666
VUL-1: groff: insufficient number of X for mktemp
Last modified: 2016-04-27 20:12:34 UTC
Your friendly security team received the following report via mitre.
Please respond ASAP.
The issue is public.
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.
Reference: MLIST: http://openwall.com/lists/oss-security/2009/08/14/5
Reference: MLIST: http://openwall.com/lists/oss-security/2009/08/14/4
Reference: CONFIRM: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h
Reference: CONFIRM: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff
Factory only sufficient
I've applied the patch from openwall , just removed changes in config.guess, configure, contrib/gdiffmk/tests/runtests.in (never installed}. And contrib/pdfmark/pdfroff.sh has been untouched, as this is fixed by CVE-2009-5044 patch, just slightly differently.
Submitted to Factory by request #84475
This is an autogenerated message for OBS integration:
This bug (703666) was mentioned in
https://build.opensuse.org/request/show/84475 Factory / groff