[23879] in bugtraq
Re: [RHSA-2002:004-06] New groff packages available to fix security problems
daemon@ATHENA.MIT.EDU (Colin Watson)
Wed Jan 16 19:23:18 2002
Date: Wed, 16 Jan 2002 05:47:31 +0000
From: Colin Watson <cjwatson@debian.org>
To: bugtraq@securityfocus.com
Message-ID: <20020116054731.GA14173@arborlon.riva.ucam.org>
In-Reply-To: <200201141618.g0EGIir12158@porkchop.redhat.com>
On Wed, Jan 16, 2002 at 05:18:41AM +0000, bugzilla@redhat.com wrote:
> Synopsis: New groff packages available to fix security problems
> Advisory ID: RHSA-2002:004-06
> Issue date: 2002-01-07
> Updated on: 2002-01-14
> Product: Red Hat Linux
> Keywords: groff security
[...]
> Groff is a document formatting system. The groff preprocessor contains an
> exploitable buffer overflow. If groff can be invoked within the LPRng
> printing system, an attacker can gain rights as the "lp" user.
This problem does not affect the stable release of Debian, as the
version of groff in Debian 2.2 did not contain the grn preprocessor to
which this advisory applies. Thus I don't believe we'll be issuing an
official advisory.
The bug did affect both the testing and unstable distributions of
Debian, and is fixed in groff 1.17.2-15 in unstable. This package will
propagate into testing in a few days, once binary packages for
architectures other than i386 have been prepared.
Regards,
-- 
Colin Watson, Debian groff maintainer [cjwatson@flatline.org.uk]