Bugzilla – Bug 703666
VUL-1: groff: insufficient number of X for mktemp
Last modified: 2016-04-27 20:12:34 UTC
Your friendly security team received the following report via mitre. Please respond ASAP. The issue is public.
======================================================
Name: CVE-2009-5081
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.
Reference: MLIST: http://openwall.com/lists/oss-security/2009/08/14/5
Reference: MLIST: http://openwall.com/lists/oss-security/2009/08/14/4
Reference: CONFIRM: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h
Reference: CONFIRM: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff
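A defender-side check for the weakness this report describes, added here as an example (it is not code from groff, from the openwall patch or from the report): a small scanner that finds temp-file templates in shell and Perl sources and flags those whose trailing run of X's is shorter than a policy threshold. The sample script lines are constructed, the threshold of 10 is an assumption (it matches the length of coreutils mktemp's own default template), and the 62-character alphabet is the one glibc's mkstemp and coreutils mktemp fill each X from.

```python
import re
from typing import List, NamedTuple

# Policy threshold (assumption): coreutils mktemp's own default template is
# tmp.XXXXXXXXXX, i.e. 10 X's; GNU mktemp itself only refuses fewer than 3.
MIN_X = 10
# Each X is filled from [A-Za-z0-9] by glibc's mkstemp and coreutils mktemp.
ALPHABET = 62

# Lines that call a temp-file creator in shell (mktemp, tempfile) or Perl
# (File::Temp's tempfile); only those lines are inspected for a template.
CALL_RE = re.compile(r"\b(?:mktemp|tempfile)\b")
# A template token: path-ish characters ending in a run of X's that is
# not followed by another word character (so $TEXINPUTS is not a template).
TEMPLATE_RE = re.compile(r"[\w./$\-]*?X+\b")


class Finding(NamedTuple):
    lineno: int
    template: str
    x_count: int   # length of the trailing run of X's
    keyspace: int  # distinct names the template can expand to: 62**x_count


def scan(source: str, min_x: int = MIN_X) -> List[Finding]:
    """Return one Finding per template whose trailing X run is shorter than min_x."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if not CALL_RE.search(line):
            continue
        for template in TEMPLATE_RE.findall(line):
            x_count = len(template) - len(template.rstrip("X"))
            if x_count < min_x:
                findings.append(Finding(lineno, template, x_count, ALPHABET ** x_count))
    return findings


# Constructed sample script lines (not groff's real source) showing the
# pattern the CVE describes: too few X's leave the temp name guessable.
SAMPLE_SCRIPT = """\
tmpfile=$(mktemp /tmp/groffer.XXX)
tmpdir=$(mktemp -d /tmp/roff2.XXXXXX)
my ($fh, $name) = tempfile("groffer.XXXXXXXXXX", DIR => $tmpdir);
echo "done"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_SCRIPT):
        print(f"line {f.lineno}: {f.template!r} has {f.x_count} X's "
              f"(only {f.keyspace} possible names, want >= {MIN_X} X's)")
```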
Factory only sufficient
I've applied the patch from openwall [1], just removed changes in config.guess, configure, contrib/gdiffmk/tests/runtests.in (never installed). And contrib/pdfmark/pdfroff.sh has been untouched, as this is fixed by the CVE-2009-5044 patch, just slightly differently.
Submitted to Factory by request #84475
[1] http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2;content-type=text%2Fplain
This is an autogenerated message for OBS integration: This bug (703666) was mentioned in https://build.opensuse.org/request/show/84475 Factory / groff