Joined: 12 May 2004
|Posted: Fri Oct 25, 2013 11:26 pm Post subject: [ GLSA 201310-14 ] Groff: Multiple Vulnerabilities
|Gentoo Linux Security Advisory
Title: Groff: Multiple Vulnerabilities (GLSA 201310-14)
Exploitable: local, remote
Date: October 25, 2013
Multiple vulnerabilities have been found in Groff, allowing
context-dependent attackers to conduct symlink attacks.
GNU Troff (Groff) is a text formatter used for man pages.
Vulnerable: < 1.22.2
Unaffected: >= 1.22.2
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in Groff. Please review
the CVE identifiers referenced below for details.
A context-dependent attacker could perform symlink attacks to overwrite
arbitrary files with the privileges of the user running the application.
There is no known workaround at this time.
All Groff users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/groff-1.22.2"