USN-13-1: groff utility vulnerability
Posted on: 11/01/2004 04:50 PM

A groff utility update is available for Ubuntu Linux

Ubuntu Security Notice USN-13-1 November 1, 2004
groff utility vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program.

Source archives:
Size/MD5: 122858 a92b7aa4bc54084f4b23b5b9e5ac3c93
Size/MD5: 715 43ca684c0d8f9043bbe1379b8f974775
Size/MD5: 2260623 511dbd64b67548c99805f1521f82cc5e

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 856182 2cd0d31b4bff4b82cffb7a908b505e9b
Size/MD5: 1889974 32f2d724e153d7fcf0674dadf5a7ed09

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 807494 58587e715f46456b8835e1a2e79e99a6
Size/MD5: 1843024 5361659b8437d45e3d1d64be03269c8d

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 860482 068d0a03621f0194cc518b6c0bc8d7b4
Size/MD5: 1885040 ab4b353bac496dc2ef4d2873bbbc67a2

Printed from Linux Compatible (