MDVSA-2013:085 -- Mandriva groffID: oval:org.secpod.oval:def:1300179 | Date: (C)2013-04-17 (M)2023-11-09 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in groff: contrib/pdfmark/pdfroff.sh in GNU troff before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file . The gendef.sh, doc/fixinfo.sh, and contrib/gdiffmk/tests/runtests.in scripts in GNU troff 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file . The contrib/eqn2graph/eqn2graph.sh, contrib/grap2graph/grap2graph.sh, and contrib/pic2graph/pic2graph.sh scripts in GNU troff 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296 . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Enterprise Server 5.2 |