Bug 136313 - CAN-2004-0969 temporary file vulnerabilities in groffer script
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: groff
Version: 3.0
Hardware: All
OS: Linux
Priority: medium
Severity: low
Assigned To: Jindrich Novy
QA Contact: Mike McLean
Whiteboard: public=20040930,impact=low,reported=2...
Keywords: Security
Blocks: 132991
Reported: 2004-10-19 06:04 EDT by Mark J. Cox (Product Security)
Modified: 2013-07-02 19:02 EDT
Doc Type: Bug Fix
Last Closed: 2005-06-21 06:14:04 EDT


Attachments
Patch for 1.19 which needs backporting (888 bytes, patch)
2004-10-19 06:05 EDT, Mark J. Cox (Product Security)

Description Mark J. Cox (Product Security) 2004-10-19 06:04:36 EDT
On September 10th 2004, Trustix shared some temporary file
vulnerabilities with vendor-sec.  After some refinement these were
made public on Sep 30.  These are minor issues (impact: LOW) and
therefore should be fixed in future updates, but don't deserve their
own security advisory.

Temporary file vulnerability in groffer.  Patch attached, however the
patch is for groff-1.19 and the groffer script is very different in
the version shipped in RHEL3.  However there looks to be a similar
temporary file vulnerability that could be fixed in a similar way to
the patch.

Does not affect RHEL2.1 packages which do not contain this script.
Comment 1 Mark J. Cox (Product Security) 2004-10-19 06:05:25 EDT
Created attachment 105435
Patch for 1.19 which needs backporting
Comment 2 Josh Bressers 2005-06-02 15:29:04 EDT
Ping on this issue
Comment 3 Jindrich Novy 2005-06-03 06:34:32 EDT
Mark, Josh, I backported the patch and am building the errata packages at the moment.
Comment 4 Mark J. Cox (Product Security) 2005-06-21 06:14:04 EDT
QA found that the groffer script won't run on RHEL3 due to needing packages we
don't ship.  Therefore this won't be fixed.
