GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Fri Oct 25, 2013 11:26 pm Post subject: [ GLSA 201310-14 ] Groff: Multiple Vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: Groff: Multiple Vulnerabilities (GLSA 201310-14)
Severity: low
Exploitable: local, remote
Date: October 25, 2013
Bug(s): #386335
ID: 201310-14
Synopsis
Multiple vulnerabilities have been found in Groff, allowing
context-dependent attackers to conduct symlink attacks.
Background
GNU Troff (Groff) is a text formatter used for man pages.
Affected Packages
Package: sys-apps/groff
Vulnerable: < 1.22.2
Unaffected: >= 1.22.2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Groff. Please review
the CVE identifiers referenced below for details.
Impact
A context-dependent attacker could perform symlink attacks to overwrite
arbitrary files with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Groff users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/groff-1.22.2"
|
References
CVE-2009-5044
CVE-2009-5078
CVE-2009-5079
CVE-2009-5080
CVE-2009-5081
CVE-2009-5082 |
|