ports/80671: japanese/groff: Fix insecure temporary file creation vulnerabilities.

KOMATSU Shinichiro koma2 at lovepeers.org
Thu May 5 18:40:03 UTC 2005


>Number:         80671
>Category:       ports
>Synopsis:       japanese/groff: Fix insecure temporary file creation vulnerabilities.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 05 18:40:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     KOMATSU Shinichiro
>Release:        FreeBSD 5.3-RELEASE-p5 amd64
>Organization:
>Environment:
FreeBSD 5.3-RELEASE-p5 amd64

>Description:

Update japanese/groff to Debian version 1.18.1.1_7.
This version contains the following vulnerability fixes:

- groffer uses temp files unsafely (CAN-2004-0969)
- pic2graph and eqn2graph are vulnerable to symlink attack 
  through temporary file (CAN-2004-1296)

>How-To-Repeat:

>Fix:

Index: japanese/groff/Makefile
===================================================================
RCS file: /home/ncvs/ports/japanese/groff/Makefile,v
retrieving revision 1.49
diff -u -r1.49 Makefile
--- japanese/groff/Makefile	14 May 2004 00:33:43 -0000	1.49
+++ japanese/groff/Makefile	5 May 2005 11:56:05 -0000
@@ -7,7 +7,8 @@
 
 PORTNAME=	groff
 PORTVERSION=	1.18.1
-PORTREVISION=	7
+DISTVERSIONSUFFIX=	.1
+PORTREVISION=	8
 CATEGORIES=	japanese print
 MASTER_SITES=	${MASTER_SITE_LOCAL:S,%SUBDIR%,okazaki/&,} \
 		${MASTER_SITE_DEBIAN:S,$,:debian,}
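Review bot: PORTVERSION stays at 1.18.1 while the new DISTVERSIONSUFFIX= .1 line moves the distfile to 1.18.1.1, so the resulting package version (1.18.1_8) no longer says which upstream release it was built from. Add a one-line comment above DISTVERSIONSUFFIX stating that the suffix tracks the 1.18.1.1 tarball and that PORTREVISION carries the version bump, or set PORTVERSION to 1.18.1.1 and reset PORTREVISION instead.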
@@ -16,7 +17,7 @@
 
 PATCH_SITES=	${MASTER_SITE_DEBIAN}
 PATCH_SITE_SUBDIR=	pool/main/g/groff
-PATCHFILES=	${DISTNAME:S,-,_,}-15.diff.gz
+PATCHFILES=	${DISTNAME:S,-,_,}-7.diff.gz
 PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=	okazaki at FreeBSD.org
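Review bot: the PATCHFILES change from -15.diff.gz to -7.diff.gz reads like a downgrade, and it only resolves to the right file if DISTNAME now expands to groff-1.18.1.1, which this hunk does not show. A short comment noting that the Debian revision restarted with the new base tarball would prevent a later "correction" back to a higher number. PATCH_SITES also lists only ${MASTER_SITE_DEBIAN}, so the diff that carries the security fixes has a single fetch location; a second site would keep the port buildable if that file is moved.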
Index: japanese/groff/distinfo
===================================================================
RCS file: /home/ncvs/ports/japanese/groff/distinfo,v
retrieving revision 1.18
diff -u -r1.18 distinfo
--- japanese/groff/distinfo	11 Mar 2004 05:31:52 -0000	1.18
+++ japanese/groff/distinfo	5 May 2005 11:24:10 -0000
@@ -1,6 +1,6 @@
-MD5 (groff_1.18.1.orig.tar.gz) = 4c7a1b478d230696f14743772f31639f
-SIZE (groff_1.18.1.orig.tar.gz) = 2250463
+MD5 (groff_1.18.1.1.orig.tar.gz) = 511dbd64b67548c99805f1521f82cc5e
+SIZE (groff_1.18.1.1.orig.tar.gz) = 2260623
 MD5 (tmac-20030521_2.tar.gz) = 09e930a9690593b5de7118ae43962074
 SIZE (tmac-20030521_2.tar.gz) = 136303
-MD5 (groff_1.18.1-15.diff.gz) = bb318ec68be02c8b0d8a834f9f296195
-SIZE (groff_1.18.1-15.diff.gz) = 117862
+MD5 (groff_1.18.1.1-7.diff.gz) = 363c4419e76af510948ba6472d0bd75c
+SIZE (groff_1.18.1.1-7.diff.gz) = 126964
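Review bot: the new groff_1.18.1.1.orig.tar.gz and groff_1.18.1.1-7.diff.gz entries are pinned only by MD5 and SIZE, like the lines they replace. MD5 does not resist collisions, which makes it a weak integrity check for files fetched from an external site; add a stronger digest line for each distfile if the ports framework in use accepts one. The filenames do match the Makefile change (1.18.1.1 base, -7 diff), so nothing else in this file needs to move.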
Index: security/vuxml/vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.652
diff -u -r1.652 vuln.xml
--- security/vuxml/vuln.xml	3 May 2005 10:14:18 -0000	1.652
+++ security/vuxml/vuln.xml	5 May 2005 18:18:55 -0000
@@ -32,6 +32,59 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="01bb84e2-bd88-11d9-a281-02e018374e71">
+    <topic>groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary file</topic>
+    <affects>
+      <package>
+	<name>ja-groff</name>
+	<range><lt>1.18.1_8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The eqn2graph and pic2graph scripts in groff 1.18.1
+	  allow local users to overwrite arbitrary files via
+	  a symlink attack on temporary files.</p>
+      </body>
+    </description>
+    <references>
+      <bid>12058</bid>
+      <cvename>CAN-2004-1296</cvename>
+      <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371</url>
+      <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372</url>
+    </references>
+    <dates>
+      <discovery>2004-12-20</discovery>
+      <entry>2005-05-06</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="169f422f-bd88-11d9-a281-02e018374e71">
+    <topic>groff -- groffer uses temp files unsafely</topic>
+    <affects>
+      <package>
+	<name>ja-groff</name>
+	<range><lt>1.18.1_8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The groffer script in the Groff package 1.18 and later versions
+	  allows local users to overwrite files via a symlink attack 
+	  on temporary files.</p>
+      </body>
+    </description>
+    <references>
+      <bid>11287</bid>
+      <cvename>CAN-2004-0969</cvename>
+      <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278265</url>
+    </references>
+    <dates>
+      <discovery>2004-09-30</discovery>
+      <entry>2005-05-06</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="5f003a08-ba3c-11d9-837d-000e0c2e438a">
     <topic>sharutils -- unshar insecure temporary file creation</topic>
     <affects>
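Review bot: both new entries list only ja-groff in the affects element, while their topics are prefixed "groff --" and the descriptions speak of groff 1.18.1 and "1.18 and later versions" in general. Either name the topic after the package the entry actually covers, or add the other affected groff packages with their own ranges, so a reader does not assume they are covered. The entry date 2005-05-06 is also a day later than this diff's timestamp (5 May 2005 18:18:55) and should be set to the actual commit date. The 1.18.1_8 upper bound is consistent with the PORTREVISION bump in the Makefile.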
>Release-Note:
>Audit-Trail:
>Unformatted:


