On September 10th 2004, Trustix shared some temporary file vulnerabilities with vendor-sec. After some refinement these were made public on Sep30. These are minor issues (impact: LOW) and therefore should be fixed in future updates, but don't deserve their own security advisory. Temporary file vulnerability in groffer. Patch attached, however the patch is for groff-1.19 and the groffer script is very different in the version shipped in RHEL3. However there looks to be a similar temporary file vulnerability that could be fixed in a similar way to the patch. Does not affect RHEL2.1 packages which do not contain this script.
Created attachment 105435 [details] Patch for 1.19 which needs backporting
Ping on this issue
Mark, Josh, I backpotred the patch and building the errata packages at the moment.
QA found that the groffer script won't run on RHEL3 due to needing packages we don't ship. Therefore this won't be fixed.