Red Hat Bugzilla – Bug 136313
CAN-2004-0969 temporary file vulnerabilities in groffer script
Last modified: 2013-07-02 19:02:20 EDT
On September 10th 2004, Trustix shared some temporary file
vulnerabilities with vendor-sec. After some refinement these were
made public on Sep30. These are minor issues (impact: LOW) and
therefore should be fixed in future updates, but don't deserve their
own security advisory.
Temporary file vulnerability in groffer. Patch attached, however the
patch is for groff-1.19 and the groffer script is very different in
the version shipped in RHEL3. However there looks to be a similar
temporary file vulnerability that could be fixed in a similar way to
Does not affect RHEL2.1 packages which do not contain this script.
Created attachment 105435 [details]
Patch for 1.19 which needs backporting
Ping on this issue
Mark, Josh, I backpotred the patch and building the errata packages at the moment.
QA found that the groffer script won't run on RHEL3 due to needing packages we
don't ship. Therefore this won't be fixed.