Bug 703666 - VUL-1: groff: insufficient number of X for mktemp
VUL-1: groff: insufficient number of X for mktemp
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
All Linux
: P4 - Low : Minor
: ---
Assigned To: Michal Vyskocil
Security Team bot
.
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-07-04 09:05 UTC by Ludwig Nussel
Modified: 2016-04-27 20:12 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2011-07-04 09:05:29 UTC
Your friendly security team received the following report via mitre.
Please respond ASAP.
The issue is public.

======================================================
Name: CVE-2009-5081

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.


Reference: MLIST: http://openwall.com/lists/oss-security/2009/08/14/5
Reference: MLIST: http://openwall.com/lists/oss-security/2009/08/14/4
Reference: CONFIRM: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h
Reference: CONFIRM: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff
Comment 1 Ludwig Nussel 2011-07-04 11:30:48 UTC
Factory only sufficient
Comment 2 Michal Vyskocil 2011-09-22 12:52:55 UTC
I've applied the patch from openwall [1], just removed changes in config.guess, configure, contrib/gdiffmk/tests/runtests.in (never installed}. And contrib/pdfmark/pdfroff.sh has been untouched, as this is fixed by CVE-2009-5044 patch, just slightly differently.

Submitted to Factory by request #84475

[1] http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2;content-type=text%2Fplain
Comment 3 Bernhard Wiedemann 2011-09-22 13:00:14 UTC
This is an autogenerated message for OBS integration:
This bug (703666) was mentioned in
https://build.opensuse.org/request/show/84475 Factory / groff