lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 1 Nov 2004 18:24:40 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: [USN-13-1] groff utility vulnerability

===========================================================
Ubuntu Security Notice USN-13-1            November 1, 2004
groff utility vulnerability
CAN-2004-0969
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

groff

The problem can be corrected by upgrading the affected package to
version 1.18.1.1-1ubuntu0.1. In general, a standard system upgrade
is sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered a vulnerability in the groff
package. The utility "groffer" created a temporary directory in an
insecure way, which allowed exploitation of a race condition to create
or overwrite files with the privileges of the user invoking the
program.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/groff/groff_1.18.1.1-1ubuntu0.1.diff.gz
      Size/MD5:   122858 a92b7aa4bc54084f4b23b5b9e5ac3c93
    http://security.ubuntu.com/ubuntu/pool/main/g/groff/groff_1.18.1.1-1ubuntu0.1.dsc
      Size/MD5:      715 43ca684c0d8f9043bbe1379b8f974775
    http://security.ubuntu.com/ubuntu/pool/main/g/groff/groff_1.18.1.1.orig.tar.gz
      Size/MD5:  2260623 511dbd64b67548c99805f1521f82cc5e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/groff/groff-base_1.18.1.1-1ubuntu0.1_amd64.deb
      Size/MD5:   856182 2cd0d31b4bff4b82cffb7a908b505e9b
    http://security.ubuntu.com/ubuntu/pool/main/g/groff/groff_1.18.1.1-1ubuntu0.1_amd64.deb
      Size/MD5:  1889974 32f2d724e153d7fcf0674dadf5a7ed09

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/groff/groff-base_1.18.1.1-1ubuntu0.1_i386.deb
      Size/MD5:   807494 58587e715f46456b8835e1a2e79e99a6
    http://security.ubuntu.com/ubuntu/pool/main/g/groff/groff_1.18.1.1-1ubuntu0.1_i386.deb
      Size/MD5:  1843024 5361659b8437d45e3d1d64be03269c8d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/groff/groff-base_1.18.1.1-1ubuntu0.1_powerpc.deb
      Size/MD5:   860482 068d0a03621f0194cc518b6c0bc8d7b4
    http://security.ubuntu.com/ubuntu/pool/main/g/groff/groff_1.18.1.1-1ubuntu0.1_powerpc.deb
      Size/MD5:  1885040 ab4b353bac496dc2ef4d2873bbbc67a2

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists